Suggestion for HTML-security-extension “scriptaccess” from Michael Kleiser on 2008-11-17 (public-evangelist@w3.org from November 2008)

From: Michael Kleiser <Michael.Kleiser@asknet.de>
Date: Mon, 17 Nov 2008 10:07:36 +0100
To: public-evangelist@w3.org
Message-ID: <OFC0327205.29502EF9-ONC1257504.00320BA9-C1257504.00325682@asknet.de>


Hello, I hope this is the right mailing-list for my mail and there is no
similar suggestion mailed before.
My idea is to create an universal HTML-attribute to block
cross-site-scripting –attacks for parts of a website, p. e. login-forms.
Like “httponly” for Cookies I want to have a possibility to limit the
access by Javascript and other scripting-languages in the browser.


An attribute “scriptaccess” could have the values: “on”, “off”, and “read
only”.
“on” would be the standard behavior, HTML-element s have nowadays and the
default if “scriptaccess” is not used.


“off” would make the HTML-element invisible for Scripts.
And “read only” of course only readable for them.

“scriptaccess” should also affect child-nodes of the node with the
attribute “scriptaccess”.
For child-nodes – of course – it should be possible to could change the
behavior with an “scriptaccess”-attribute on it.

Received on Monday, 17 November 2008 09:33:13 UTC