On Mon, Sep 5, 2011 at 3:52 AM, Hallvord R. M. Steen <hallvord@opera.com>wrote: > On Mon, 05 Sep 2011 12:14:27 +0200, Anne van Kesteren <annevk@opera.com> > wrote: > > On Mon, 05 Sep 2011 12:13:35 +0200, Hallvord R. M. Steen < >> hallvord@opera.com> wrote: >> >>> As in <LINK rel=prefetch> and <LINK rel=stylesheet>? >>> >> >> Yes. But this would apply to <img> too of course; maybe they can become a >> blob URL or some such? >> > > Well, giving JS access to the clipboard's HTML will be next to useless if > we remove just about everything :-p For the record, I think the spec as-is > is too paranoid and that we probably should allow form elements (except > input type=hidden). > So the problem we found is that certain productivity apps insert local file paths, real user name, etc... into meta, link, etc... elements. This is problematic for users because users may not expect those information be exposed to the Web when pasting some contents simply since they're not visible. I think the middle ground will be to let implementors decide exactly which elements or attributes should be trimmed. - Ryosuke
Received on Tuesday, 6 September 2011 23:25:50 UTC