W3C home > Mailing lists > Public > www-validator-css@w3.org > March 2003

Re: [FEATURE REQ] warning on floats with no width (was Re: [WD]: CSS Layout problem)

From: Paul Arzul <patricka@mkdoc.com>
Date: Wed, 12 Mar 2003 07:29:07 -0500 (EST)
Message-ID: <3E6F2977.5050901@mkdoc.com>
To: www-validator-css-request@w3.org
(sorry -- i forgot to enclosed the emails.)

please find them attached now.

- p

attached mail follows:


unescaped html in "Valid CSS informations" is a potential security issue.

simple test case[1]:

body:before
{
   content: "<script>alert('Hello World')</script>";
}

- p

(aside: i think "Valid CSS informations" should read "Valid CSS Statements"[2,3],
or simply just "Valid CSS".)

--
[1] 
http://jigsaw.w3.org/css-validator/validator?text=body%3Abefore%0D%0A%7B%0D%0A++content%3A+%22%3Cscript%3Ealert%28%27Hello+World%27%29%3C%2Fscript%3E%22%3B%0D%0A%7D%0D%0A&warning=1&profile=css2&usermedium=all
[2] http://www.w3.org/TR/REC-CSS2/syndata.html#q5
[3] http://www.wsu.edu/~gordonl/ESL/answer1.htm


Paul Arzul wrote:
> 
> a:before
> {
>   content: "<b>bold</b>";
> }
> 
> validates fine - but the validator generated html produced is:
> 
> <b>bold</b>
> 
> when it should[1] be:
> 
> &lt;b&gt;bold&lt;/b&gt;
> 
> - p
> 
> -- 
> 1. http://www.w3.org/TR/html4/charset.html#didx-character_entity_references


attached mail follows:


kevin c smith wrote on webdesign-l (http://webdesign-L.com/):
> 
> One thing you'll need to fix is that floated elements must have a width
> declared:
> 
>     <http://www.w3.org/TR/REC-CSS2/visuren.html#floats>

elements with intrinsic width include:
html, img, input, textarea, select, and object.

so the following should NOT create a warning:

img
{
   float: right;
}

for non-replaced elements (i.e. elements with no intrinsic width),
could we please issue a warning if no width is given?

for example, the following paragraph rule set SHOULD create a
missing width warning:

p
{
   float: right;
}

- p
Received on Monday, 24 March 2003 17:07:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 June 2012 00:14:11 GMT