- From: Alexander Graf <a.graf@aetherworld.org>
- Date: Tue, 27 Mar 2007 15:18:13 +0200
- To: Anne van Kesteren <annevk@opera.com>
- Cc: "Henrik Dvergsdal" <henrik.dvergsdal@hibo.no>, public-html@w3.org
On 27.03.2007, at 14:58, Anne van Kesteren wrote: > > On Tue, 27 Mar 2007 14:54:38 +0200, Henrik Dvergsdal > <henrik.dvergsdal@hibo.no> wrote: >> OK, I guess you're right. What if we restrict it to the post >> method and the "multipart/form-data" Content type? > > Everyone can make arbitrary POST requests. By doing it from the > commandline or if it really has to come from the page by running a > bookmarklet or something that does some XMLHttpRequest magic. +1 You absolutely HAVE to check any input from the user... > Anyway, http://www.whatwg.org/specs/web-forms/current-work/#accept > should address what you ask for, although I think people will want > to have a bit more control over how such an editor works. +1 I say such a control is impossible. Not in the "I don't know how so I say it's impossible" way but in the real "Not going to work" impossible way. Assuming you create a fully working WYSIWYG editor which can be styled (how? extensions to css as well? Sub-elements?) and customized (with like 100 attributes ranging from boldbutton="yes" to output="xhtml-strict") you're still not targeting 100% of users. Someone wants a feature which we didn't think of and we're back to native control vs. JavaScript implementation vs. XUL implementation... Best, Alex
Received on Tuesday, 27 March 2007 13:19:35 UTC