- From: Ian Hickson <ian@hixie.ch>
- Date: Mon, 11 Mar 2013 23:32:48 +0000 (UTC)
- To: Mike Samuel <mikesamuel@gmail.com>
- cc: "public-script-coord@w3.org" <public-script-coord@w3.org>
On Mon, 11 Mar 2013, Mike Samuel wrote:
>
> Ok. So it's not a goal of E4H to be safe against XSS by default then.
Autoescaping isn't safe by default either, by that definition.
E4H's design goals were:
- to provide compile-time syntax checking for in-script DOM tree creation
- to provide in-script DOM tree creation in a terse and intuitive fashion
- to provide syntactic sugar for the most common use cases for in-script DOM tree creation, specifically:
  * inserting strings into attribute values
  * inserting strings into element contents
  * setting HTML boolean attributes conditionally based on an expression
- to have good performance characteristics:
  * only parse things once
  * minimise string copying
  * avoid using the HTML parser
- to have good security characteristics:
  * provide a model that is conceptually simple
  * allow arbitrary strings to be embedded in DOM trees in a way that does not allow arbitrary elements or attributes to be created
I believe it succeeds at all of these, though I am happy to hear
suggestions for how to better address them or how to address other goals
if those can be met without compromising on the above.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 11 March 2013 23:33:13 UTC
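The security property in the last design goal above (interpolated strings can become text or attribute values but never elements or attributes), modelled as an added example. This is not E4H and not code from the message or its author; it is a minimal tree builder in plain JavaScript whose names (`el`, `countElements`, `serialize`, `buildExample`) are invented here, and the untrusted string is constructed for the example. Element tags and attribute names are code literals, interpolated strings are stored raw in the tree, and escaping happens only when the tree is serialised, which is why no per-interpolation escaping decision is needed.

```javascript
// Added example (not E4H, not from the original message). Models the E4H
// security goal: tags and attribute names come only from code literals;
// interpolated strings can only become text nodes or attribute values.

const NAME = /^[A-Za-z][A-Za-z0-9-]*$/;

// Build an element node. `tag` and the keys of `attrs` are author-written
// literals; `children` may mix strings and nodes.
function el(tag, attrs = {}, ...children) {
  if (!NAME.test(tag)) throw new Error(`bad tag name: ${tag}`);
  const attributes = {};
  for (const [name, value] of Object.entries(attrs)) {
    if (!NAME.test(name)) throw new Error(`bad attribute name: ${name}`);
    // Conditional boolean attribute: false/null/undefined omits it,
    // true sets it with an empty value, anything else is a string value.
    if (value === false || value === null || value === undefined) continue;
    attributes[name] = value === true ? '' : String(value);
  }
  // A string child always becomes a text node holding the raw string,
  // whatever characters it contains; it is never parsed as markup.
  const kids = children.map(c =>
    typeof c === 'string' ? { type: 'text', data: c } : c);
  return { type: 'element', tag, attrs: attributes, children: kids };
}

// Count elements with the given tag anywhere in the tree.
function countElements(node, tag) {
  if (node.type !== 'element') return 0;
  let n = node.tag === tag ? 1 : 0;
  for (const c of node.children) n += countElements(c, tag);
  return n;
}

// Serialise to HTML only at the output boundary. Escaping is a consequence
// of the node type (text is text), not a choice made at each interpolation.
function escapeText(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}
function escapeAttr(s) {
  return escapeText(s).replace(/"/g, '&quot;');
}
function serialize(node) {
  if (node.type === 'text') return escapeText(node.data);
  const attrs = Object.entries(node.attrs)
    .map(([k, v]) => ` ${k}="${escapeAttr(v)}"`).join('');
  const inner = node.children.map(serialize).join('');
  return `<${node.tag}${attrs}>${inner}</${node.tag}>`;
}

// Constructed untrusted input: tries to inject an element and an attribute.
const untrusted = '<script>alert(1)</script>" onmouseover="x';

// The same string is used as an attribute value and as element content;
// `hidden` is a boolean attribute set conditionally from an expression.
function buildExample(loggedIn) {
  return el('div', { title: untrusted, hidden: !loggedIn },
    'Hello, ', el('b', {}, untrusted));
}

console.log(serialize(buildExample(true)));
```

Walking the resulting tree shows the point: there is no `script` element and no `onmouseover` attribute anywhere, the `b` element's only child is a text node whose `data` is the untrusted string unchanged, and `hidden` is present only when the expression is true.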