- From: Krzysztof Żelechowski <giecrilj@stegny.2a.pl>
- Date: Wed, 16 Apr 2008 21:26:37 +0200
- To: Ian Hickson <ian@hixie.ch>
- Cc: whatwg@whatwg.org, public-html@w3.org, www-math@w3.org, www-svg@w3.org
Dnia 10-04-2008, Cz o godzinie 09:51 +0000, Ian Hickson pisze: > On Sat, 4 Nov 2006, Paul Topping wrote: > > > > Elements whose namespaces aren't known should be handled like any other > > unknown HTML element. I believe the common way for user agents to handle > > an unknown element is basically to ignore the tag and its attributes and > > treat any text between start and end tags as if the tags weren't there. > > Namespaces do not present any new challenge in this area. "Bogus > > namespaces" are no more of a security risk than bogus HTML tags. It is > > only the ones that ARE processed by the user agent that represent > > potential security risks. > > The problem is legacy content like: > > <html> > <foo xmlns="bogus namespace"> > ...rest of HTML document... > > We don't want to make the whole document get ignored. An example of such a tag is Microsoft HTML application indicator which is empty by design. But how does Paul’s recipe amount to ignoring the whole document? > If anyone is actually reading this 3363 line e-mail, I'm > impressed. Please do let me know that you read this. I do not do bungee jumping though.
Received on Thursday, 17 April 2008 05:55:17 UTC