Re: html template string handler WAS: E4H and constructing DOMs from Adam Barth on 2013-03-11 (public-script-coord@w3.org from January to March 2013)

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 11 Mar 2013 13:12:58 -0700
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Ian Hickson <ian@hixie.ch>, Ojan Vafai <ojan@chromium.org>, "public-script-coord@w3.org" <public-script-coord@w3.org>
Message-ID: <CAJE5ia-uzMbOvk_DLEmAOJvu+uWjHOLT+Xiysa5nxcmOJiKq+A@mail.gmail.com>

On Mon, Mar 11, 2013 at 12:55 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Mon, Mar 11, 2013 at 7:12 PM, Adam Barth <w3c@adambarth.com> wrote:
>> I'd recommend restricting untrusted data to text nodes.  That means we
>> wouldn't be able to support those sorts of templates becaue {foo}
>> would need to expand to something other than a text node.
>
> You mean not addressing the use cases related to attributes?

Yes.  (Note: E4H doesn't let template inputs expand to anything other
than a text node either.)

Adam

Received on Monday, 11 March 2013 20:13:57 UTC