- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 11 Feb 2009 16:22:18 -0800
- To: Lachlan Hunt <lachlan.hunt@lachy.id.au>
- Cc: Larry Masinter <masinter@adobe.com>, HTML WG <public-html@w3.org>
On Wed, Feb 11, 2009 at 3:56 PM, Lachlan Hunt <lachlan.hunt@lachy.id.au> wrote: > * Renaming <script> to <handler> > - Unnecessarily renaming, effectively introduces a second element for > exactly the same purpose. This is something i'd be very concerned about. I don't care that much about the fact that there would be two elements with exactly, or almost, the same functionality. The only downside with that would be a little implementation hassle and maybe some author confusion. The much bigger problem is a security concern. There are loads of sites out there that filter out <script> elements from things like blog comments and forum postings to avoid XSS issues. It would be a big problem if this could be worked around by attackers by simply using <handler> instead. / Jonas
Received on Thursday, 12 February 2009 00:22:53 UTC