- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Thu, 10 Nov 2011 16:06:00 +0200
- To: public-webapps@w3.org

On Wed, Nov 9, 2011 at 9:54 AM, Adam Barth <w3c@adambarth.com> wrote:
> Also, a div doesn't represent a security boundary. It's difficult to
> sandbox something unless you have a security boundary around it.
> IMHO, an easy way to solve this problem is to just expose an
> HTMLParser object, analogous to DOMParser, which folks can use to
> safely parse HTML,

DOMParser.parseFromString already takes a content type as the second argument. The plan is to support HTML parsing when the second argument is text/html.

> e.g., from XMLHttpRequest.

XMLHttpRequest Level 2 has built-in support for HTML parsing. No need to first get responseText and then pass it to something else.

--
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/

Received on Thursday, 10 November 2011 14:06:37 UTC