W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2012

Re: [webcomponents] Template element parser changes => Proposal for adding DocumentFragment.innerHTML

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 10 May 2012 22:31:02 +0000 (UTC)
To: Erik Arvidsson <arv@chromium.org>
cc: "Tab Atkins Jr." <jackalmage@gmail.com>, Anne van Kesteren <annevk@annevk.nl>, Yehuda Katz <wycats@gmail.com>, Jonas Sicking <jonas@sicking.cc>, Henri Sivonen <hsivonen@iki.fi>, Rafael Weinstein <rafaelw@google.com>, Webapps WG <public-webapps@w3.org>
Message-ID: <Pine.LNX.4.64.1205102227420.25792@ps20323.dreamhostps.com>
On Thu, 10 May 2012, Erik Arvidsson wrote:
> On Thu, May 10, 2012 at 3:18 PM, Ian Hickson <ian@hixie.ch> wrote:
> > Yes, I understand that. But what's the use case?
> http://code.google.com/p/dart/source/search?q=new%5CsElement%5C.html%5C%28&origq=new%5CsElement%5C.html%5C%28&btnG=Search+Trunk
> I'm sure you can find a bunch of jQuery usages too.

None of the examples I see there seem to be cases where the parsing code 
doesn't know what's going on ahead of time. As far as I can tell, they 
could all easily just take an argument saying what parse mode to use, and 
avoid all the problems of magically determining the parse mode; e.g. it 
would allow the examples inserting <style> blocks to insert the contents 
into existing <style> blocks instead of creating new ones, and it would 
not run the risk of the parse mode changing unexpectedly due to unescaped 
content in the various places that seem to be prone to injection attacks 
(though maybe the \${} syntax is some sort of magically autoescaping 
syntax? Though I don't see how it could be, it doesn't seem to have enough 
context either).

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 10 May 2012 22:31:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:34 UTC