W3C home > Mailing lists > Public > www-style@w3.org > January 2003

Re: Another view (sorry) on XBL and behaviours

From: Shelby Moore <shelby@coolpage.com>
Date: Mon, 06 Jan 2003 10:55:13 -0600
Message-Id: <4.1.20030106105108.01908140(null)>
To: Ian Hickson <ian@hixie.ch>
Cc: www-style@w3.org


>> From a security point of view, allowing links to active content in
styles is 
>> dangerous. Stylesheets are expected by many to be free of active content,
>> and are allowed in places such as user-submitted content, HTML e-mail etc.
>
>This is a very valid concern, and is very much of interest to me.
>
>There are several possible solutions.
>
>One is to suggest to the XML team that a new attribute be introduced,
>xml:scripting or some such, which could indicate that everything from that
>element and deeper should be unable to execute associated script.


Oh that is just great idea!

Now XBL will require changes in every major W3C standard (DOM, CSS, XML).

XSLT is much cleaner way to abstract the scripting from the markup.

As Daniel once wrote, "why use a hammer to swat flies"?  "Hammer" being
making XBL a standard.  "FIies" being the mechanism to abstract scripting
from the markup.


-Shelby Moore
Received on Monday, 6 January 2003 11:54:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:54:19 GMT