- From: Mason Freed <notifications@github.com>
- Date: Fri, 20 Nov 2020 09:54:54 -0800
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 20 November 2020 17:55:07 UTC
> @mfreed7 the complexity is not so much with the numbers of lines that will change, but with the number of different ways of invoking the HTML parser increasing. The differences between no-script/script and fragment/no-fragment have all been cause of various security issues over the years. @annevk I do understand this point, and I agree. The only counter-point I have is that both script/no-script and fragment/no-fragment have implications in multiple places within the parser. The DSD/no-DSD "mode" only affects exactly one place in the parser - in the `A start tag whose tag name is "template"` section of [the in-head insertion mode](https://html.spec.whatwg.org/multipage/parsing.html#parsing-main-inhead). I know you haven't seen the updated spec PR yet, but my hope is that once you see it, some of your concerns will be alleviated. Either way, I'm very open to suggestions for alternate/better ways to work around the "old sanitizers" issue here. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/831#issuecomment-731319007
Received on Friday, 20 November 2020 17:55:07 UTC