Re: Proposal: Document.parse() [AKA: Implied Context Parsing] from Anne van Kesteren on 2012-06-05 (public-webapps@w3.org from April to June 2012)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 5 Jun 2012 09:58:02 +0200
To: Adam Barth <w3c@adambarth.com>
Cc: Ian Hickson <ian@hixie.ch>, Rafael Weinstein <rafaelw@google.com>, Webapps WG <public-webapps@w3.org>
Message-ID: <CADnb78gzERo=DLJyWmaT1Dmz5k1u46ksY6wJSz6XLHUgzPD2cg@mail.gmail.com>

On Tue, Jun 5, 2012 at 2:10 AM, Adam Barth <w3c@adambarth.com> wrote:
> Doesn't e4h have the same security problems as e4x?

If you mean http://code.google.com/p/doctype-mirror/wiki/ArticleE4XSecurity
I guess that would depend on how we define it.

A (bigger?) problem with E4H/H4E is that TC39 does not like it:
http://lists.w3.org/Archives/Public/public-script-coord/2011OctDec/thread.html#msg33
I'm not as optimistic as them that quasis just solve this (not compile
time, nobody has actually written out the "safehtml" definition), but
TC39 being against it does not help.


-- 
Anne — Opera Software
http://annevankesteren.nl/
http://www.opera.com/

Received on Tuesday, 5 June 2012 09:37:47 UTC