- From: Neil Jenkins <neilj@fastmail.fm>
- Date: Thu, 06 Feb 2014 18:49:46 +1100
- To: Charles McCathie Nevile <chaals@yandex-team.ru>
- Cc: HTML for Email Community Group <public-htmail@w3.org>
On Thu, 6 Feb 2014, at 06:43 PM, Charles McCathie Nevile wrote: > There seems to be no advantage over having the style sheet directly in > the head - you end up having to provide more content and a link for > the same result. I agree. I can't remember off the top of my head whether we handle this case, but if we do, it will be by essentially just rewriting the document to replace the link with an embedded <style>, extracted from the email. > On the other hand, the combination of discussions about sanitising > CSS, and signing Javascript for inclusion, makes me wonder if there is > any value in having links to known (signed), sanitised CSS. Known to whom? Signed and verified how? Trusted why? What standard of sanitisation? What if different services (for some reason) require different things to be sanitised to avoid conflicts? Not saying this isn't an interesting idea, but there're a lot of difficulties to overcome to make it work (and, of course, you still have the whole issue of tracking with *any* remote content). Neil.
Received on Thursday, 6 February 2014 07:50:09 UTC