
RE: HTML interpreter vs. HTML user agent

From: Ian Hickson <ian@hixie.ch>
Date: Sun, 31 May 2009 17:58:14 +0000 (UTC)
To: Larry Masinter <masinter@adobe.com>
Cc: HTML WG <public-html@w3.org>
Message-ID: <Pine.LNX.4.62.0905311754460.11443@hixie.dreamhostps.com>

On Sun, 31 May 2009, Larry Masinter wrote:
> About Safari's feed reader, Maciej wrote:
> > 2) We can also display a user-selected collection of feeds as one
> > document, again displayed as HTML.
> > 3) We don't execute any script that came from the feed in the context
> > of generated HTML document. At the very least due to point #2 this
> > would be insecure.
> > 4) We don't let any web page access the contents of the generated HTML
> > document via script.
>
> Doesn't this somehow create a "restricted HTML" which is allowed in
> a feed? The HTML in a feed can't be scripted at all? Or the scripts
> can't access the HTML of their subsection?
>
> I was wondering how HTML-in-webmail could work, since the HTML of
> the mail needs to be embedded in the HTML of the webmail client itself.
> Where in the HTML spec is this addressed?

Just turning off scripting is just a matter of setting "scripting is 


One could leverage the sandbox features to disable forms, plugins, 
navigation of other browsing contexts, and to make the origin appear to be 
a unique origin:


...though that's not been requested by implementors so far.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Sunday, 31 May 2009 17:58:50 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:44:47 UTC
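
One way a webmail or feed page could apply the restrictions discussed in this message, as an added example that is not part of the original e-mail. It assumes the `sandbox` and `srcdoc` attributes of `iframe` as later standardised in HTML; the helper names and the sample message body are hypothetical.

```javascript
// Added example: embed untrusted mail/feed HTML in a sandboxed iframe.
// Tokens that relax the sandbox; an empty sandbox value applies every restriction.
const KNOWN_TOKENS = new Set([
  "allow-forms", "allow-popups", "allow-same-origin",
  "allow-scripts", "allow-top-navigation",
]);

// Escape a string for use inside a double-quoted HTML attribute value.
function escapeAttr(value) {
  return String(value).replace(/&/g, "&amp;").replace(/"/g, "&quot;");
}

// Build the iframe markup (hypothetical helper). `allow` lists sandbox tokens to relax.
function sandboxedFrame(untrustedHtml, allow = []) {
  for (const token of allow) {
    if (!KNOWN_TOKENS.has(token)) throw new Error(`unknown sandbox token: ${token}`);
  }
  // With both tokens the framed document runs script in the embedder's origin
  // (srcdoc inherits it) and can reach up and remove its own sandbox attribute.
  if (allow.includes("allow-scripts") && allow.includes("allow-same-origin")) {
    throw new Error("allow-scripts with allow-same-origin defeats the sandbox");
  }
  const sandbox = escapeAttr(allow.join(" "));
  return `<iframe sandbox="${sandbox}" srcdoc="${escapeAttr(untrustedHtml)}"></iframe>`;
}

// Constructed sample message body, not taken from the thread.
const SAMPLE_MAIL =
  '<p>Hello</p><script>document.title = "changed"</script>' +
  '<form action="https://example.invalid/collect"><input name="q"></form>';

// The script and form stay in the markup but are inert inside the sandbox:
// no script execution, no form submission, and a unique origin for the content.
const FRAME = sandboxedFrame(SAMPLE_MAIL);
console.log(FRAME);
```

The embedding page keeps its own scripts and origin; only the framed content is restricted, which is the separation the webmail question asks about.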