- From: Joshua Cranmer <Pidgeot18@verizon.net>
- Date: Tue, 04 Feb 2014 11:49:48 -0600
- To: public-htmail@w3.org
On 2/4/2014 10:47 AM, Innovimax W3C wrote: > Well both of you, Robin and Joshua, are just saying that **any** JS is > a problem. On this point, I concur > > It doesn't lead me to think that a selection of libraries with the > right limitations, won't be able to make there way to htm@il > > I must admit that it would be the same as having access to some high > level API, but it would have the benefits of being able to allow > extensibility Allowing untrusted JS by itself is extremely problematic. Merely letting a page read and change the src parameter of an <img> is sufficient to constitute a privacy leak were JS to be enabled (using cid: would cause the URL to be rewritten into one that selects the part and therefore contains privacy-sensitive data like a path on the local machine; setting the source URL again would cause a lookup to an attacker-controlled webpage, submitting this information). As a result, only trusted JS would be tolerable--but this means that not even code to control a library would be tolerable. Logically speaking, what this leaves you with is a JS library that could only act on declarative HTML markup. This is effectively indistinguishable from defining a set of declarative extensions to HTML that apply in email, and this feature is certainly a much more tolerable pill to swallow than allowing JS execution. -- Beware of bugs in the above code; I have only proved it correct, not tried it. -- Donald E. Knuth
Received on Tuesday, 4 February 2014 17:50:37 UTC