- From: Stefan Mies <stefan.mies@gmail.com>
- Date: Mon, 10 Nov 2014 15:34:56 +0100
- To: Chaals from Yandex <chaals@yandex-team.ru>
- Cc: HTML for Email Community Group <public-htmail@w3.org>
- Message-ID: <CAOMFAkocn5zphMJx=_JANi-2BWUeJYQj=ZbU4_n6tGz0A=mGxg@mail.gmail.com>
Hi sounds good! I think the best is to organize it in our wiki with table header like: Group (CSS/Javascript/HTML ...) / Tag / Status (Removed / Add) / Why? Stefan 2014-11-10 13:45 GMT+01:00 <chaals@yandex-team.ru>: > Hi, > > in the WebApps working group, there is a spec for a clipboard API - mostly > about automatic copy/paste. > > One of the things they want to do before finishing it is describe how HTML > gets cleaned up for security before pasting into a random page. This may or > may not be similar to the things that are removed from mail when it is e.g. > presented in Webmail for security reasons. > > I don't expect to get a copy of everyone's security policies in detail, > but I think it would be useful to at least list common things that are > "removed" for security purposes, along with some explanation of the reason. > > For example I presume that more or less everyone takes out javascript > "eval" statements, because there is no way to automatically check that they > will do no harm. > > Would it be good to have a page to collect this in our wiki, or are people > prepared to send at least some of the stuff to the mailing list (and a > volunteer - I see one in the mirror - could start to gather them in a wiki)? > > This would be helpful for us, and I think helpful for the WebApps group - > which means they look at what we are doing which is also helpful for us. > > cheers > > Chaals > > -- > Charles McCathie Nevile - web standards - CTO Office, Yandex > chaals@yandex-team.ru - - - Find more at http://yandex.com > >
Received on Monday, 10 November 2014 14:35:22 UTC