- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 25 Jun 2010 00:36:12 -0700
- To: Doug Turner <doug.turner@gmail.com>
- Cc: Drew Wilson <atwilson@google.com>, public-webapps@w3.org, John Gregg <johnnyg@google.com>
On Thu, Jun 24, 2010 at 1:29 PM, Doug Turner <doug.turner@gmail.com> wrote: > Hey Drew, > >> I think this is too vague, as it's sounds like a user agent could *not* ignore markup in the string, and still be compliant with the spec. I think we need to be very explicit that the string *must* be treated as plain text. So if I pass in "><b>foo</b>" as the body parameter to createNotification(), the resulting notification must display the string "><b>foo</b>", without stripping or converting any of the substrings that might look like HTML entities. > > Yup. we should tighten up the language. i think we are on the same page here. I definitely like the direction this is heading. If we tighten the language up I would be all for supporting this in firefox. It still needs to pass through our usual security review and all that, but I suspect we can make something work. / Jonas
Received on Friday, 25 June 2010 07:37:05 UTC