Re: AuthConfReq: Presentational Markup

On 03/30/2010 12:14 AM, Maciej Stachowiak wrote:
>
> On Mar 29, 2010, at 12:43 PM, Aryeh Gregor wrote:
>
>> On Sat, Mar 27, 2010 at 4:43 PM, Maciej Stachowiak <mjs@apple.com> wrote:
>>> Banning <font> in general, rather than, say, only when used in a way that
>>> actually harms accessibility, is analogous to this reasoning. By having the
>>> blanket ban, we avoid the presumed negative externality, without having to
>>> closely inquire about the particular circumstances of each use. The latter
>>> requires too much judgment for a conformance checker.
>>
>> Why does this not imply that style="" should be an error as well? The
>> spec gives reasons for why not all inline presentational markup is
>> banned, but I see no reason given for why only style="" was kept, and
>> not other presentational markup as well.
>
> It does try to give a reason; you could question whether it is a good
> reason, but it's there. I assume from your wording that you overlooked
> this rather than merely finding it inadequate:
>
> "The only remaining presentational markup features in HTML are the style
> attribute and the style element. Use of the style attribute is somewhat
> discouraged in production environments, but it can be useful for rapid
> prototyping (where its rules can be directly moved into a separate style
> sheet later) and for providing specific styles in unusual cases where a
> separate style sheet would be inconvenient. Similarly, the style element
> can be useful in syndication or for page-specific styles, but in general
> an external style sheet is likely to be more convenient when the styles
> apply to multiple pages."
> <http://dev.w3.org/html5/spec/Overview.html#presentational-markup>

I challenge the assertion that "the style attribute can be useful in 
syndication".  See:

   http://diveintomark.org/archives/2003/06/12/how_to_consume_rss_safely

Specifically, rules 9 and 10.  Rule 10 is not a theoretical problem; it
is exactly the one that Mark used for a prank that got feed consumers to
recognize this problem.

I opened bug 7468[1] for exactly this reason:

   "I intentionally use these attributes on my weblog as I know that
   my entries will be syndicated, and that the alternatives (including
   inline CSS) are clumsy and are less likely to survive the process
   of syndication intact."

Ian rejected it noting "works in all the browsers I tested".  I reopened 
it suggesting that if he wished to close it based on testing with user 
agents, he actually test against the ones that are mentioned in the bug 
report itself, and provided a link to a number of them:

   http://en.wikipedia.org/wiki/Comparison_of_feed_aggregators

I developed Planet Venus[2] (used by Planet HTML5[3], for example), 
which does allow a selected subset of style attributes through.  You can 
see my early work here:

   http://intertwingly.net/blog/2006/05/12/Blogging-with-Style

And later work here:

   http://wiki.whatwg.org/wiki/Sanitization_rules#CSS_Rules

Short version: all credible feed consumers sanitize.  In general, 
sanitization of style attributes is largely a hard problem and not well 
researched; most don't bother, and the few that do take significant 
shortcuts.

> Regards,
> Maciej

- Sam Ruby

[1] http://www.w3.org/Bugs/Public/show_bug.cgi?id=7468
[2] http://intertwingly.net/code/venus/
[3] http://www.w3.org/html/planet/

Received on Tuesday, 30 March 2010 09:31:45 UTC
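
An added example, not part of the original message and not Planet Venus code: one way a feed consumer can let "a selected subset of style attributes through" is an allowlist that fails closed on anything it does not recognise. The property list, the permitted character set and the name `sanitize_style` are assumptions made for illustration, and the sample inputs in the comments are constructed.

```python
import re

# Assumed allowlist for illustration; not the list any real aggregator ships.
ALLOWED_PROPERTIES = {
    "color", "background-color", "font-style", "font-weight",
    "font-size", "text-align", "text-decoration", "vertical-align",
}

# Whole-attribute gate: only the characters simple declarations need.
# This excludes backslashes (CSS escapes), parentheses (functional
# notation such as url()), quotes, '@', and '/' or '*' (comments).
SAFE_CHARS = re.compile(r"[a-zA-Z0-9\s:;.#%+-]*")

# One value token: a keyword, a hex colour, or a number with an optional unit.
SAFE_TOKEN = re.compile(
    r"[a-z][a-z-]*"
    r"|#[0-9a-f]{3}(?:[0-9a-f]{3})?"
    r"|[+-]?\d*\.?\d+(?:%|em|ex|px|pt|pc|in|cm|mm)?"
)


def sanitize_style(style):
    """Return a style string holding only allowlisted declarations.

    If the attribute contains any character outside SAFE_CHARS the whole
    value is dropped, so the sanitizer never tries to parse CSS escapes,
    comments or functions. Otherwise each declaration is kept only when
    its property is allowlisted and every value token is a simple one.
    """
    if not SAFE_CHARS.fullmatch(style):
        return ""  # fail closed: drop the entire attribute
    kept = []
    for declaration in style.split(";"):
        name, sep, value = declaration.partition(":")
        name = name.strip().lower()
        tokens = value.strip().lower().split()
        if not sep or not tokens or name not in ALLOWED_PROPERTIES:
            continue  # malformed, empty, or a property outside the subset
        if all(SAFE_TOKEN.fullmatch(token) for token in tokens):
            kept.append(f"{name}: {' '.join(tokens)}")
    return "; ".join(kept)


if __name__ == "__main__":
    # Constructed input: layout properties are dropped, the colour survives.
    print(sanitize_style("COLOR: #FF0000; position: absolute; top: 0"))
```

Dropping the whole attribute on an unexpected character is itself a shortcut of the kind the message mentions: it trades fidelity for not having to implement a CSS tokenizer.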