- From: Justin James <j_james@mindspring.com>
- Date: Sat, 2 Aug 2008 09:30:37 -0400
- To: "'Julian Reschke'" <julian.reschke@gmx.de>
- Cc: "'Ian Hickson'" <ian@hixie.ch>, "'Sam Ruby'" <rubys@us.ibm.com>, "'HTML WG'" <public-html@w3.org>
> -----Original Message----- > From: Julian Reschke [mailto:julian.reschke@gmx.de] > Sent: Saturday, August 02, 2008 3:46 AM > To: Justin James > Cc: 'Ian Hickson'; 'Sam Ruby'; 'HTML WG' > Subject: Re: Extensibility strategies, was: Deciding in public (Was: > SVGWG SVG-in-HTML proposal) > > >> Anyway: if this is a serious suggestion, we should discuss adding > >> advice > >> to HTML5 telling people that if they choose a URI as class name, > they > >> need to be sure that they have the authority to use it. > > > > Depends on the wording, what if I want to use a 3rd party item (like > the external JavaScript libraries calling third-party controls)? > > Could you elaborate on that? Are you wondering whether a syntax like > this could be used to automatically download associated scripts? (to > which my answer would be: hopefully not :-) For example, if the page I am authoring is located at: http://www.sitea.com/pages/page4.html and it contains a class name: http://www.someothersite.com/price what happens? Should it be rejected? Let's make it even more interesting... let's say the style sheet I used came from: http://www.someothersite.com/css/style1.css Now, the class comes from the same pseudo-namespace (as I have decided to call this concept) as the stylesheet. Does that change the dynamics at all? Or to rephrase, should the browser be performing any kind of security checks/sandboxing/cross domain restrictions on the pseudo-namespace, even though it does not mean a hill of beans at the CSS level? Or should the browser treat all class names a "dumb values", even if it does not (as we hashed out in the last message) actually download/execute/etc. a pseudo-namespaced class? I think it should not enforce anything here, but we may want to. J.Ja
Received on Saturday, 2 August 2008 13:31:21 UTC