- From: Paul Libbrecht <paul@hoplahup.net>
- Date: Mon, 2 May 2011 23:34:25 +0200
- To: public-webapps <public-webapps@w3.org>
Hallvord, Le 2 mai 2011 à 09:00, Hallvord R. M. Steen a écrit : >> I am not at all against your proposal but I tend to see two reasons "against" it: >> - I expect mostly the server to be providing the HTML, the javascript code does probably not need to process it further (they trust each other!) > > I don't really understand this comment. We're talking about HTML that comes from the clipboard, not from the server. I think this is not at all contradictory. In many of the scenarios I have working for, the content to be put on the clipboard would come from a "luxury" knowledge structure on the server, one that has access to some semantic source and can infer useful representations out of it; these get put to the clipboard. An offline HTML would also be an example of it. Hence... I would not really need a DOM representation. (however, I wonder if a timer is going to be honoured for such a query to be finished somehow). >> - I suppose the security processing may be done under an optimized processing which is not really necessarily DOM-exposed > > Maybe, maybe not. To sanitise something that will be inserted into a DOM structure, I would think the safest thing would be processing it according to DOM algorithms while sanitising too. Sure. paul
Received on Monday, 2 May 2011 21:34:56 UTC