Re: New html security tag

From: David Woolley <david@djwhome.demon.co.uk>
Date: Thu, 22 Aug 2002 11:14:36 +0100
Message-ID: <000701c249c4$b855e5d0$9551a8c0@bts.co.uk>
To: <www-html@w3.org>

> <!ATTLIST ...
> trust    (trusted|marginal|untrusted)    trusted
>  >

I like this much better than an element.  This does seem to
be attribute, rather than element material (i.e. out of band).

> untrusted:
>  scripting elements will be ignored

I don't think the specification should specify how the attribute should be
handled, only explain the degree of confidence implied.   An equally good
browser implementation might be to force the IE security zone down one or
two levels, but let the user decide what they allow for those levels.

Whilst, in this modified form, it might be legally safer (IANAL) than non-language
alternatives (you are not telling the user what they have to do to be safe), my
view is that much better approaches would be:

1) not to use technologies that you consider unsafe, even in your part (unless you
    expect your site to be in the equivalent of the IE trusted zone, the user may have
    to enable them for your site and leave them on for the next, less trustworthy one);

2) parse out the HTML and regenerate it with well formed structure and only the 
    attributes that you consider safe.
Received on Thursday, 22 August 2002 06:15:44 GMT
