Re: clipboard events

On Mon, 27 Dec 2010 06:24:39 +0100, Robert O'Callahan  
<robert@ocallahan.org> wrote:
> The sanitization algorithm needs to consider <style> elements and 'style'
> content attributes. Some browsers, e.g. IE, support CSS features that  
> allow script execution.

I think it might be better to define this in the opposite way. I.e. list  
the things we want to allow through. This will probably lead to a longer  
list, but at least safeguards against future features and gives the right  
example to people who happen to look at this document for sanitizing ideas.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Monday, 3 January 2011 13:29:21 UTC
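
An added illustration of the allow-list approach suggested in this message, contrasted with a deny-list; it is not code from the thread or from any specification. The tag, attribute and scheme lists, the `sanitize` name and the sample markup are assumptions made for the example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for illustration; the thread does not define the actual list.
ALLOWED = {t: set() for t in ("p", "br", "b", "i", "em", "strong",
                              "ul", "ol", "li")} | {"a": {"href"}}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
DENIED_TAGS = {"script"}  # deny-list, kept only for the contrast
# Constructed sample; "x:y" stands in for any CSS the sanitizer does not vet.
SAMPLE = ('<p style="x:y" onclick="f()">Hi <b>there</b></p>'
          '<style>p{x:y}</style>'
          '<a href="https://example.org/" style="x:y">link</a>')


class _Filter(HTMLParser):
    def __init__(self, allowlist):
        super().__init__(convert_charrefs=True)
        self.allowlist, self.out = allowlist, []

    def _keep_tag(self, tag):
        return tag in ALLOWED if self.allowlist else tag not in DENIED_TAGS

    def _keep_attr(self, tag, name, value):
        if not self.allowlist:
            return not name.startswith("on")  # blocks only what it knows about
        if name not in ALLOWED[tag]:
            return False
        # Fail closed: an href must carry an explicitly allowed scheme.
        scheme, colon, _ = (value or "").partition(":")
        return bool(colon) and scheme.lower() in ALLOWED_SCHEMES

    def handle_starttag(self, tag, attrs):
        if self._keep_tag(tag):
            kept = "".join(f' {n}="{escape(v or "", quote=True)}"'
                           for n, v in attrs if self._keep_attr(tag, n, v))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if self._keep_tag(tag) and tag != "br":  # br is void: no end tag
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text of dropped elements survives only as escaped, inert text.
        self.out.append(escape(data, quote=False))


def sanitize(html, allowlist=True):
    f = _Filter(allowlist)
    f.feed(html)
    f.close()
    return "".join(f.out)
```

With `allowlist=False` the `<style>` element and both `style` attributes pass through unchanged, because the deny-list never named them; the allow-list drops them, along with any tag or attribute introduced later, without a policy change.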