- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 10 May 2012 22:31:02 +0000 (UTC)
- To: Erik Arvidsson <arv@chromium.org>
- cc: "Tab Atkins Jr." <jackalmage@gmail.com>, Anne van Kesteren <annevk@annevk.nl>, Yehuda Katz <wycats@gmail.com>, Jonas Sicking <jonas@sicking.cc>, Henri Sivonen <hsivonen@iki.fi>, Rafael Weinstein <rafaelw@google.com>, Webapps WG <public-webapps@w3.org>
On Thu, 10 May 2012, Erik Arvidsson wrote:
> On Thu, May 10, 2012 at 3:18 PM, Ian Hickson <ian@hixie.ch> wrote:
> > Yes, I understand that. But what's the use case?
>
> http://code.google.com/p/dart/source/search?q=new%5CsElement%5C.html%5C%28&origq=new%5CsElement%5C.html%5C%28&btnG=Search+Trunk
>
> I'm sure you can find a bunch of jQuery usages too.
None of the examples I see there seem to be cases where the parsing code
doesn't know what's going on ahead of time. As far as I can tell, they
could all easily just take an argument saying what parse mode to use, and
avoid all the problems of magically determining the parse mode; e.g. it
would allow the examples inserting <style> blocks to insert the contents
into existing <style> blocks instead of creating new ones, and it would
not run the risk of the parse mode changing unexpectedly due to unescaped
content in the various places that seem to be prone to injection attacks
(though maybe the \${} syntax is some sort of magically autoescaping
syntax? Though I don't see how it could be, it doesn't seem to have enough
context either).
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 10 May 2012 22:31:27 UTC