W3C home > Mailing lists > Public > public-html@w3.org > March 2010

Re: AuthConfReq: Presentational Markup

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 30 Mar 2010 10:54:37 -0700
Cc: Aryeh Gregor <Simetrical+w3c@gmail.com>, HTML WG <public-html@w3.org>
Message-id: <8B6CEF0C-B208-450D-AAE3-93E893866B0C@apple.com>
To: Sam Ruby <rubys@intertwingly.net>

On Mar 30, 2010, at 2:30 AM, Sam Ruby wrote:

> I challenge the assertion that "the style attribute can be useful in  
> syndication".  See:
>
>  http://diveintomark.org/archives/2003/06/12/how_to_consume_rss_safely
>
> Specifically, rules 9 and 10.  Rule 10 is not a theoretical problem,  
> it is exactly the one that Mark used for a prank that got feed  
> consumers to recognize this problem.
>
> I opened bug 7468[1] for exactly this reason:
>
>  "I intentionally use these attributes on my weblog as I know that
>  my entries will be syndicated, and that the alternatives (including
>  inline CSS) are clumsy and are less likely to survive the process
>  of syndication intact."
>
> Ian rejected it noting "works in all the browsers I tested".  I  
> reopened it suggesting that if he wished to close it based on  
> testing with user agents, he actually test against the ones that are  
> mentioned in the bug report itself, and provided a link to a number  
> of them:

I attached a test case to the bug. At least in Safari's built-in RSS  
reader, only the border attribute survived sanitization.

Regards,
Maciej
Received on Tuesday, 30 March 2010 17:55:10 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:16:00 UTC