Re: HTML interpreter vs. HTML user agent

On May 31, 2009, at 7:54 AM, Larry Masinter wrote:

> About Safari's feed reader, Maciej wrote:
>
>> 2) We can also display a user-selected collection of feeds as one
>> document, again displayed as HTML.
>> 3) We don't execute any script that came from the feed in the context
>> of generated HTML document. At the very least due to point #2 this
>> would be insecure.
>> 4) We don't let any web page access the contents of the generated  
>> HTML
>> document via script.
>
> Doesn't this somehow create a "restricted HTML" which is allowed in
> a feed? The HTML in a feed can't be scripted at all? Or the scripts
> can't access the HTML of their subsection?
>
> I was wondering how HTML-in-webmail could work, since the HTML of
> the mail needs to be embedded in the HTML of the webmail client  
> itself.

Current Mail clients (and, effectively, Safari's display of HTML  
snippets from RSS or Atom) disable scripting.

>
> Where in the HTML spec is this addressed?

The HTML spec has a conformance class for "User agents with no  
scripting support" that would apply to this situation. It doesn't say  
what kinds of implementations should or should not enable scripting,  
as that may change over time.

Regards,
Maciej

Received on Sunday, 31 May 2009 22:51:05 UTC