Re: Supporting MathML and SVG in text/html, and related topics

Dnia 10-04-2008, Cz o godzinie 09:51 +0000, Ian Hickson pisze:

> On Sat, 4 Nov 2006, Paul Topping wrote:
> >
> > Elements whose namespaces aren't known should be handled like any other 
> > unknown HTML element. I believe the common way for user agents to handle 
> > an unknown element is basically to ignore the tag and its attributes and 
> > treat any text between start and end tags as if the tags weren't there. 
> > Namespaces do not present any new challenge in this area. "Bogus 
> > namespaces" are no more of a security risk than bogus HTML tags. It is 
> > only the ones that ARE processed by the user agent that represent 
> > potential security risks.
> The problem is legacy content like:
>    <html>
>     <foo xmlns="bogus namespace">
> of HTML document...
> We don't want to make the whole document get ignored.

An example of such a tag is Microsoft HTML application indicator 
which is empty by design.
But how does Paul’s recipe amount to ignoring the whole document?

> If anyone is actually reading this 3363 line e-mail, I'm
> impressed. Please do let me know that you read this.

I do not do bungee jumping though.  

Received on Thursday, 17 April 2008 05:55:17 UTC