Re: E4H and constructing DOMs

[Resending as I dropped CC]

2013/3/7 Adam Barth <w3c@adambarth.com>:
> I don't think I fully understood your message because it was quite
> long and contained many complex external references.  What I've
> understood you to say is that you've managed to work around the
> limitations of the current string-based template design by building a
> complex mechanism for automatically escaping untrusted data.

I designed the current string-based template design to interface well
with a simple grammar-driven approach.

> Rather than forcing authors to layer complex (and therefore
> error-prone) systems on top of a string-based template system, we
> should instead provide authors with an AST-based template system that
> avoids these security pitfalls.

Did you read my critique of AST-based template systems?

Received on Friday, 8 March 2013 01:54:52 UTC