W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > August 2010

[Bug 9602] That autofocus attribute will wreak security havok. What an ignorant idea to bring more logic to HTML. I think I know a couple of ways to abuse it, since it actually is some sort of flow control, which only scripting languages should be capable of. I hope

From: <bugzilla@jessica.w3.org>
Date: Wed, 04 Aug 2010 13:32:45 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1Oge5N-0006If-Nm@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=9602





--- Comment #8 from Skyphire <sasha@scarletred.nl>  2010-08-04 13:32:45 ---
(In reply to comment #7)
> So maybe the solution here is to say that autofocus should not work when
> scripting is disabled?

Anne, that is an excellent question. 

According to SGML (Generalized markup) that idea entertains the first
postulate:

1. Markup should describe (declare) a document's structure and other
attributes, rather than specify the processing to be performed on it, as
descriptive markup 
needs be done only once, and will suffice for future processing.

I just finished a paper on HTML5:
http://www.skyphire.nl/pubs/SKY-2010-07-01.txt 
where I talk a bit further about these specific elements that have been
assigned to perform procedures instead of solely having a declarative
structure.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Wednesday, 4 August 2010 13:32:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:20 UTC