[Bug 22466] [Custom]: Certain documents should not share registration contexts from bugzilla@jessica.w3.org on 2013-06-27 (public-webapps-bugzilla@w3.org from June 2013)

From: <bugzilla@jessica.w3.org>
Date: Thu, 27 Jun 2013 17:07:04 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-22466-2532-qFVVoE3aUY@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22466

Pete Blois <blois@google.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |blois@google.com

--- Comment #4 from Pete Blois <blois@google.com> ---
What is the behavior if a custom element is parsed in a document without access
to the registration context but then moved into a document with the
registration context?

In Dart, we are using document.implementation.createHTMLDocument to sanitize
untrusted content and need to have the opportunity to remove untrusted
elements. To mitigate XSS vectors Element.innerHTML will be sanitized by
default, and it would be nice to allow custom elements if they are trusted.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 27 June 2013 17:07:09 UTC