- From: Maciej Stachowiak <mjs@apple.com>
- Date: Sun, 31 May 2009 15:50:26 -0700
- To: Larry Masinter <masinter@adobe.com>
- Cc: Adam Barth <w3c@adambarth.com>, Sam Ruby <rubys@intertwingly.net>, Anne van Kesteren <annevk@opera.com>, "Roy T. Fielding" <fielding@gbiv.com>, HTML WG <public-html@w3.org>
On May 31, 2009, at 7:54 AM, Larry Masinter wrote: > About Safari's feed reader, Maciej wrote: > >> 2) We can also display a user-selected collection of feeds as one >> document, again displayed as HTML. >> 3) We don't execute any script that came from the feed in the context >> of generated HTML document. At the very least due to point #2 this >> would be insecure. >> 4) We don't let any web page access the contents of the generated >> HTML >> document via script. > > Doesn't this somehow create a "restricted HTML" which is allowed in > a feed? The HTML in a feed can't be scripted at all? Or the scripts > can't access the HTML of their subsection? > > I was wondering how HTML-in-webmail could work, since the HTML of > the mail needs to be embedded in the HTML of the webmail client > itself. Current Mail clients (and, effectively, Safari's display of HTML snippets from RSS or Atom) disable scripting. > > Where in the HTML spec is this addressed? The HTML spec has a conformance class for "User agents with no scripting support" that would apply to this situation. It doesn't say what kinds of implementations should or should not enable scripting, as that may change over time. Regards, Maciej
Received on Sunday, 31 May 2009 22:51:05 UTC