- From: Sam Ruby <rubys@us.ibm.com>
- Date: Sun, 01 Jul 2007 19:52:51 -0400
- To: Anne van Kesteren <annevk@opera.com>
- CC: public-html@w3.org
Anne van Kesteren wrote: > > 2. Syndication is also addressed by <style scope>. Fully disagree. But, FWIW, your point would have a bit more credibility to me if you created html5lib sanitization test cases and code to match. I believe that disallowing style attributes is too blunt of an instrument. People will continue to use style attributes, and do so safely and interoperably and in a (reasonably) media independent fashion. And any spec that says that such usage is in any way discouraged will be viewed as evidence that the spec writers are out of touch with reality. By and large, the percentage of the web that validates is abysmal. So bad, that people by and large don't even try to conform anymore. Early experience with html5lib shows that much fewer errors are identified, and those errors are correspondingly more meaningful. I would hope that this group doesn't throw that away. On the other hand, identifying the set of CSS properties are worth white listing would be a worthwhile effort. I know that Lachlan will disagree with the next statement, but I believe that such an effort needs to be pragmatic, and take into consideration the utility, risk, *and* demand (and yes, that's the Pokemon argument) for each property. References: http://diveintomark.org/archives/2003/06/12/how_to_consume_rss_safely http://intertwingly.net/blog/2006/05/12/Blogging-with-Style http://html5lib.googlecode.com/svn/trunk/python/tests/test_sanitizer.py http://html5lib.googlecode.com/svn/trunk/python/src/html5lib/sanitizer.py - Sam Ruby
Received on Sunday, 1 July 2007 23:53:29 UTC