W3C home > Mailing lists > Public > www-math@w3.org > November 2006

RE: The problems with namespaces in text/html (Was: MathML-in-HTML5)

From: Paul Topping <pault@dessci.com>
Date: Sat, 4 Nov 2006 09:25:22 -0800
Message-ID: <D1EFB337111B674B8F1BE155B01C6DD601533DC4@franklin.corp.dessci>
To: "Ian Hickson" <ian@hixie.ch>, "dolphinling" <lists@dolphinling.net>
Cc: <www-math@w3.org>, <dev-tech-mathml@lists.mozilla.org>, "WHAT WG List" <whatwg@whatwg.org>

Elements whose namespaces aren't known should be handled like any other
unknown HTML element. I believe the common way for user agents to handle
an unknown element is basically to ignore the tag and its attributes and
treat any text between start and end tags as if the tags weren't there.
Namespaces do not present any new challenge in this area. "Bogus
namespaces" are no more of a security risk than bogus HTML tags. It is
only the ones that ARE processed by the user agent that represent
potential security risks.

Paul Topping
Design Science, Inc.
www.dessci.com
 

> -----Original Message-----
> From: dev-tech-mathml-bounces@lists.mozilla.org 
> [mailto:dev-tech-mathml-bounces@lists.mozilla.org] On Behalf 
> Of Ian Hickson
> Sent: Friday, November 03, 2006 9:51 PM
> To: dolphinling
> Cc: www-math@w3.org; dev-tech-mathml@lists.mozilla.org; WHAT WG List
> Subject: Re: The problems with namespaces in text/html (Was: 
> MathML-in-HTML5)
> 
> On Mon, 9 Oct 2006, dolphinling wrote:
> > >
> > > I'm not saying don't add MathML to HTML. I'm saying don't add 
> > > namespace syntax to HTML.
> > 
> > Is this feasible? As much as I'd like this for ease of use, at some 
> > point or other when enough things have been added to html, 
> there will 
> > be conflicts. Namespaces seem like the only way to avoid those 
> > conflicts, and there needs to be some way of representing 
> those namespaces.
> 
> Since we can control what becomes valid HTML, yes, I think 
> it's feasible.
> 
> 
> > > Some pages even have completely bogus namespaces on the 
> root <html> 
> > > element, which would make the entire page screw up. Even worse, 
> > > Office HTML, of which there is a LOT on the Web, uses 
> namespaces in 
> > > a way to trigger IE to do one thing, but relies on the other 
> > > browsers *not* handling the namespaces to make sure it all works 
> > > everywhere. (Like I said earlier, I've worked with one browser 
> > > vendor who tried implementing this namespace thing 
> before, and had 
> > > to back out because it broke real content in pretty fundamental 
> > > ways.)
> > 
> > OUCH.
> > 
> > Is the list of bogus namespaces relatively confined? Would it be 
> > technically feasible to enumerate the worst ones and say 
> "ignore these"?
> 
> The list is pretty big, actually. It's quite depressing.
> 
> 
> > Are there any reasons besides ease of use and misuse in tag-soup 
> > content that XML's namespace syntax shouldn't be added to HTML?
> 
> I can't think of any other reasons off-hand, no. But those 
> reasons are so big that I find it difficult to think of 
> anything but those problems when I consider namespaces, so it 
> might just be that I'm not thinking clearly enough to see the 
> other problems.
> 
> -- 
> Ian Hickson               U+1047E                
> )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   
> _\  ;`._ ,.
> Things that are impossible just take longer.   
> `._.-(,_..'--(,_..'`-.;.'
> _______________________________________________
> dev-tech-mathml mailing list
> dev-tech-mathml@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-mathml
> 
Received on Saturday, 4 November 2006 17:25:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 20 February 2010 06:12:59 GMT