- From: fantasai <fantasai.lists@inkedblade.net>
- Date: Wed, 21 Jul 2010 00:38:08 -0700
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- CC: "Tab Atkins Jr." <jackalmage@gmail.com>, www-style list <www-style@w3.org>

On 07/20/2010 08:42 PM, Boris Zbarsky wrote:
> On 7/20/10 10:16 PM, Tab Atkins Jr. wrote:
>> What possible security issues can result from an abspos element
>> changing from "leaves behind a placeholder cell" to "doesn't leave
>> behind a placeholder cell"?
>
> That's the wrong question. The correct question is "What security issues
> can arise from no longer having the invariant that all children of a
> table-row box are table-cell boxes?" The most obvious is that table
> layout assumes this and other such invariants and casts abstract box
> pointers to concrete class pointers based on contextual information. All
> instances of this would need to be found and fixed if the placeholder
> box remained but was allowed to be a direct child of table container boxes.

The table code is already written to skip past non-cell frames in a table row.
Now *why* we do this, I don't know. But given that we do, I assume that if
there are places in the table code that aren't making these checks, they are
considered bugs already.

Just sayin'.

~fantasai

Received on Wednesday, 21 July 2010 07:38:44 UTC
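
The two patterns discussed in this message, sketched as an added C++ example that is not part of the original e-mail and not code from any layout engine: a downcast that trusts the "all row children are cells" invariant, next to one that checks the concrete type and skips non-cell children. All type and function names here are hypothetical.

```cpp
#include <memory>
#include <vector>

// Hypothetical box model for illustration, not code from any real layout engine.
enum class BoxType { TableCell, Placeholder };
struct Box {
    explicit Box(BoxType t) : type(t) {}
    virtual ~Box() = default;
    const BoxType type;
};
struct TableCellBox : Box {
    explicit TableCellBox(int span) : Box(BoxType::TableCell), colSpan(span) {}
    int colSpan;
};
// Stands in for the box an absolutely positioned element leaves behind.
struct PlaceholderBox : Box {
    PlaceholderBox() : Box(BoxType::Placeholder) {}
};
using Row = std::vector<std::unique_ptr<Box>>;

// Relies on the invariant "every child of a row is a cell". With a placeholder
// as a direct child, this static_cast is a type confusion (undefined behaviour).
int columnCountAssumingInvariant(const Row& row) {
    int total = 0;
    for (const auto& child : row)
        total += static_cast<const TableCellBox*>(child.get())->colSpan;
    return total;
}

// Checks the concrete type before casting; returns nullptr for non-cells.
const TableCellBox* asCell(const Box* box) {
    if (!box || box->type != BoxType::TableCell) return nullptr;
    return static_cast<const TableCellBox*>(box);
}

// Skips non-cell children, so the result does not depend on the invariant.
int columnCountChecked(const Row& row) {
    int total = 0;
    for (const auto& child : row)
        if (const TableCellBox* cell = asCell(child.get())) total += cell->colSpan;
    return total;
}

int main() {
    Row row;  // constructed sample: cell, placeholder, cell
    row.emplace_back(new TableCellBox(2));
    row.emplace_back(new PlaceholderBox());
    row.emplace_back(new TableCellBox(3));
    return columnCountChecked(row) == 5 ? 0 : 1;
}
```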