[Bug 9602] That autofocus attribute will wreak security havok. What an ignorant idea to bring more logic to HTML. I think I know a couple of ways to abuse it, since it actually is some sort of flow control, which only scripting languages should be capable of. I hope


--- Comment #8 from Skyphire <sasha@scarletred.nl>  2010-08-04 13:32:45 ---
(In reply to comment #7)
> So maybe the solution here is to say that autofocus should not work when
> scripting is disabled?

Anne, that is an excellent question. 

According to SGML (Generalized markup) that idea entertains the first

1. Markup should describe (declare) a document's structure and other
attributes, rather than specify the processing to be performed on it, as
descriptive markup 
needs be done only once, and will suffice for future processing.

I just finished a paper on HTML5:
where I talk a bit further about these specific elements that have been
assigned to perform procedures instead of solely having a declarative

Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 4 August 2010 13:32:48 UTC