W3C home > Mailing lists > Public > www-html@w3.org > August 2007

Re: Tag to disable unwanted features?

From: David Woolley <forums@david-woolley.me.uk>
Date: Fri, 10 Aug 2007 08:05:16 +0100
Message-ID: <46BC0E2C.7020402@david-woolley.me.uk>
To: www-html@w3.org

Lincoln Yeoh wrote:
> I think it's way overdue to have a security oriented tag to disable 
> unwanted features. I proposed something like this here 5 years ago 
> (2002), and I'm back here to propose it again.

Where were you when Google implemented this wrongly, by using attributes 
on links that were potentially link spam because they were third party 
sourced?

> 
> Recap on why such tags are needed:

I presume you mean element, not tag.

> 
> With such tags you can give hints to the browsers to disable unwanted 
> stuff between the tags, so that even if your site's filtering is 

In a semantic language, like XHTML (your examples are for XHTML, not 
HTML), you should not attempt to tell the browser what to do, you should 
  simply tell it that some content is from an unvetted third party source.

> 
> <restricton lock="Random_hard_to_guess_string" except="java,safe-html" />

As noted, you should not be marking up documents with technology 
specific directives.

> browser ignores features except for java and safe-html.
> unsafe content here, but rendered safely by browser
> <restrictoff lock="wrong_string" />

Ouch.  Shades of tag soup.  You have created elements that behave like 
tag soup use of mis-nested open and close tags.  If  you really want to 
do that sort of thing, you should use processing instructions, instead.

However, especially as you are already assuming the use of XHTML, you 
should simply check the enclosed content for well formedness and then 
set an appropriate untrusted attribute on the containing element.

Incidentally, as Google have demonstrated, a elements are not part of 
safe HTML, so there is no H in safe HTML!
-- 
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
Received on Friday, 10 August 2007 07:05:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:16:10 GMT