W3C home > Mailing lists > Public > www-style@w3.org > October 2007

Re: [becss] "Behavioral Extensions to CSS" computed value question

From: fantasai <fantasai.lists@inkedblade.net>
Date: Sat, 27 Oct 2007 11:23:12 -0400
Message-ID: <472357E0.6010603@inkedblade.net>
To: David Woolley <forums@david-woolley.me.uk>
CC: "www-style@w3.org" <www-style@w3.org> 

David Woolley wrote:
> 
> I very much hope not, as one of the advantages of CSS is that it does 
> not have the power of a general programming language and is therefore 
> much less likely to provide access to security holes, and, at least in 
> principle, easier to analyze mechanically.

The BECSS draft already crosses this line by importing scripts through
the 'binding' property. I haven't seen any serious discussion in the WG
about the security implications of this.

~fantasai
Received on Saturday, 27 October 2007 15:23:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 11 September 2008 23:28:59 GMT