W3C home > Mailing lists > Public > www-style@w3.org > October 2007

Re: [becss] "Behavioral Extensions to CSS" computed value question

From: fantasai <fantasai.lists@inkedblade.net>
Date: Sat, 27 Oct 2007 11:23:12 -0400
Message-ID: <472357E0.6010603@inkedblade.net>
To: David Woolley <forums@david-woolley.me.uk>
CC: "www-style@w3.org" <www-style@w3.org>

David Woolley wrote:
> I very much hope not, as one of the advantages of CSS is that it does 
> not have the power of a general programming language and is therefore 
> much less likely to provide access to security holes, and, at least in 
> principle, easier to analyze mechanically.

The BECSS draft already crosses this line by importing scripts through
the 'binding' property. I haven't seen any serious discussion in the WG
about the security implications of this.

Received on Saturday, 27 October 2007 15:23:32 UTC

This archive was generated by hypermail 2.3.1 : Monday, 2 May 2016 14:27:31 UTC