Re: Seamless iframes + CSS3 selectors = bad idea

When I say parse I mean apply.. or what ever term is used to apply a
property to an element.

-- Eduardo
http://www.sirdarckcat.net/

Sent from Hangzhou, 33, China

On Mon, Dec 7, 2009 at 4:42 PM, sird@rckc.at <sird@rckc.at> wrote:

> Hi!
>
> Thanks thomas, understood :)
>
> Regarding this problem, I think we can't really fix the CSS3 selectors
> since several browsers already implement it, so the thread was about the
> seamless iframes on html5.
>
> Could it be possible to NOT parse this selectors inside seamless iframes?
>
> I mean, the frame would parse everything except for selectors that match
> text..
>
> That at least wont introduce a new vulnerability on seamless iframes, and I
> think is a fair sacrifice (not use *= $= and ^= selectors inside the
> seamless iframes) for security.
>
>
> Greetings!!
> -- Eduardo
> http://www.sirdarckcat.net/
>
> Sent from Hangzhou, 33, China
>
> On Mon, Dec 7, 2009 at 2:35 AM, Thomas Roessler <tlr@w3.org> wrote:
>
>> On 6 Dec 2009, at 10:22, sird@rckc.at wrote:
>>
>> I understood only members/invited.experts had a real vote in it..
>>
>> Even if you're not an invited expert (or member rep) in a WG, public
>> comments must be taken seriously. If groups don't do that, fora like this
>> list (or explicitly saying that you don't agree to a group's disposition of
>> a comment) are fairly useful mechanism to draw attention to problems.
>>
>> As far as the W3C HTML Working Group is concerned, see also:
>>   http://www.w3.org/2007/04/html-ie-faq
>>
>> Regards,
>> --
>> Thomas Roessler, W3C  <tlr@w3.org>
>>
>>
>

Received on Monday, 7 December 2009 08:44:14 UTC