
Re: [CSS21] Proposal for a replacement for section 17.2.1 (table anonymous objects)

From: fantasai <fantasai.lists@inkedblade.net>
Date: Wed, 21 Jul 2010 00:38:08 -0700
Message-ID: <4C46A3E0.8030202@inkedblade.net>
To: Boris Zbarsky <bzbarsky@MIT.EDU>
CC: "Tab Atkins Jr." <jackalmage@gmail.com>, www-style list <www-style@w3.org>

On 07/20/2010 08:42 PM, Boris Zbarsky wrote:
> On 7/20/10 10:16 PM, Tab Atkins Jr. wrote:
>> What possible security issues can result from an abspos element
>> changing from "leaves behind a placeholder cell" to "doesn't leave
>> behind a placeholder cell"?
>
> That's the wrong question. The correct question is "What security issues
> can arise from no longer having the invariant that all children of a
> table-row box are table-cell boxes?" The most obvious is that table
> layout assumes this and other such invariants and casts abstract box
> pointers to concrete class pointers based on contextual information. All
> instances of this would need to be found and fixed if the placeholder
> box remained but was allowed to be a direct child of table container boxes.

The table code is already written to skip past non-cell frames
in a table row. Now *why* we do this, I don't know. But given
that we do, I assume that if there are places in the table code
that aren't making these checks, they are considered bugs already.

Just sayin'.

~fantasai
Received on Wednesday, 21 July 2010 07:38:44 GMT
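
The invariant debated in this message, shown as an added example that is not part of the original email and not any browser's code: a row that checks each child's type before downcasting, so a non-cell child is skipped rather than reinterpreted as a cell. All class and function names here are hypothetical.

```cpp
#include <memory>
#include <vector>

// Hypothetical box tree; the names are illustrative, not a real engine's classes.
enum class BoxType { TableCell, Placeholder };

struct Box {
    explicit Box(BoxType t) : type(t) {}
    virtual ~Box() = default;
    const BoxType type;
};

struct TableCellBox : Box {
    explicit TableCellBox(int span) : Box(BoxType::TableCell), colSpan(span) {}
    int colSpan;
};

// Stands in for the box an absolutely positioned element leaves behind.
// It has no colSpan member, so reading one through a cell pointer is invalid.
struct PlaceholderBox : Box {
    PlaceholderBox() : Box(BoxType::Placeholder) {}
};

// Checked downcast: returns nullptr unless the box really is a cell.
// A bare static_cast<TableCellBox*>(box) is only valid while "every child
// of a row is a cell" holds; once it does not, that cast is undefined behaviour.
inline const TableCellBox* AsCell(const Box* box) {
    return (box && box->type == BoxType::TableCell)
        ? static_cast<const TableCellBox*>(box) : nullptr;
}

struct TableRowBox {
    std::vector<std::unique_ptr<Box>> children;

    // Sums column spans, skipping non-cell children instead of trusting context.
    int ColumnCount() const {
        int columns = 0;
        for (const auto& child : children) {
            if (const TableCellBox* cell = AsCell(child.get()))
                columns += cell->colSpan;
        }
        return columns;
    }
};

// Constructed sample row: cell (colSpan 2), placeholder, cell (colSpan 1).
inline TableRowBox MakeSampleRow() {
    TableRowBox row;
    row.children.push_back(std::make_unique<TableCellBox>(2));
    row.children.push_back(std::make_unique<PlaceholderBox>());
    row.children.push_back(std::make_unique<TableCellBox>(1));
    return row;
}
```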
