Re: Wiki page for style attribute

Anne van Kesteren wrote:
> 
> 2. Syndication is also addressed by <style scope>.

Fully disagree.

But, FWIW, your point would have a bit more credibility to me if you 
created html5lib sanitization test cases and code to match.

I believe that disallowing style attributes is too blunt of an 
instrument.  People will continue to use style attributes, and do so 
safely and interoperably and in a (reasonably) media independent 
fashion.  And any spec that says that such usage is in any way 
discouraged will be viewed as evidence that the spec writers are out of 
touch with reality.

By and large, the percentage of the web that validates is abysmal.  So 
bad, that people by and large don't even try to conform anymore.  Early 
experience with html5lib shows that much fewer errors are identified, 
and those errors are correspondingly more meaningful.

I would hope that this group doesn't throw that away.

On the other hand, identifying the set of CSS properties are worth white 
listing would be a worthwhile effort.  I know that Lachlan will disagree 
with the next statement, but I believe that such an effort needs to be 
pragmatic, and take into consideration the utility, risk, *and* demand 
(and yes, that's the Pokemon argument) for each property.

References:

http://diveintomark.org/archives/2003/06/12/how_to_consume_rss_safely
http://intertwingly.net/blog/2006/05/12/Blogging-with-Style
http://html5lib.googlecode.com/svn/trunk/python/tests/test_sanitizer.py
http://html5lib.googlecode.com/svn/trunk/python/src/html5lib/sanitizer.py

- Sam Ruby

Received on Sunday, 1 July 2007 23:53:29 UTC