[Bug 12469] Dynamic Cross-Site Scripting and Page Repainting

http://www.w3.org/Bugs/Public/show_bug.cgi?id=12469

Aryeh Gregor <Simetrical+w3cbug@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #14 from Aryeh Gregor <Simetrical+w3cbug@gmail.com> 2011-06-24 21:35:13 UTC ---
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are
satisfied with this response, please change the state of this bug to CLOSED. If
you have additional information and would like the Editor to reconsider, please
reopen this bug. If you would like to escalate the issue to the full HTML
Working Group, please add the TrackerRequest keyword to this bug, and suggest
title and text for the Tracker Issue; or you may create a Tracker Issue
yourself, if you are able to do so. For more details, see this document:

   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Rejected
Change Description: no spec change
Rationale: There is no threat that the proposed <plaintext> tag would address
that cannot already be better addressed by other means.  The threat explained
in comment #0 and subsequent comments is substantially identical to any
preexisting type of XSS, as far as I can determine based on the discussion. 
The only explanation as to why it's different is things like "behave in a
seemingly legitimate manner", "completely conforms to the same-origin policy",
and other statements that don't appear relevant to the proposed feature.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Friday, 24 June 2011 21:35:21 UTC