Pseudo-namespaces (was: RE: Extensibility strategies, was: Deciding in public (Was: SVGWG SVG-in-HTML proposal))

> -----Original Message-----
> From: Julian Reschke [mailto:julian.reschke@gmx.de]
> Sent: Saturday, August 02, 2008 3:46 AM
> To: Justin James
> Cc: 'Ian Hickson'; 'Sam Ruby'; 'HTML WG'
> Subject: Re: Extensibility strategies, was: Deciding in public (Was:
> SVGWG SVG-in-HTML proposal)
> 
> >> Anyway: if this is a serious suggestion, we should discuss adding
> >> advice
> >> to HTML5 telling people that if they choose a URI as class name,
> they
> >> need to be sure that they have the authority to use it.
> >
> > Depends on the wording, what if I want to use a 3rd party item (like
> the external JavaScript libraries calling third-party controls)?
> 
> Could you elaborate on that? Are you wondering whether a syntax like
> this could be used to automatically download associated scripts? (to
> which my answer would be: hopefully not :-)

For example, if the page I am authoring is located at:
http://www.sitea.com/pages/page4.html

and it contains a class name:
http://www.someothersite.com/price

what happens? Should it be rejected? Let's make it even more interesting... let's say the style sheet I used came from:
http://www.someothersite.com/css/style1.css

Now, the class comes from the same pseudo-namespace (as I have decided to call this concept) as the stylesheet. Does that change the dynamics at all?

Or to rephrase, should the browser be performing any kind of security checks/sandboxing/cross domain restrictions on the pseudo-namespace, even though it does not mean a hill of beans at the CSS level? Or should the browser treat all class names a "dumb values", even if it does not (as we hashed out in the last message) actually download/execute/etc. a pseudo-namespaced class?

I think it should not enforce anything here, but we may want to.

J.Ja

Received on Saturday, 2 August 2008 13:31:21 UTC