- From: Jorgen Horstink <mail@jorgenhorstink.nl>
- Date: Sat, 13 Jan 2007 00:34:44 +0100
On Jan 12, 2007, at 10:30 PM, James M Snell wrote:
>
> Anne van Kesteren wrote:
>> [snip]
>>>
>>> Frames are a terrible solution. The content is after all a part of the
>>> page it's hosted in, but we want to sandbox it to make sure it can't
>>> do any harm.
>>
>> The proposed alternative is severely underdefined and won't work for the
>> foreseeable future anyway.
>> [snip]
>
> Minor nit:
>
> s/proposed alternative/simple strawman to illustrate the point/
>
> I just want the behavior or something that comes close without
> necessarily having to resort to aggressive filtering. That is, I don't
> necessarily want to eliminate scripts from the comments, I just want to
> be able to limit their impact.
>
> Either way, I'm fully aware that any new invention here would take a
> while to actually work.
>
> - James
>

Please provide a real use case. I second Anne's point of comment sanitation. Can you give me one single use case when it is useful to use ECMAScript in a comment on a blog?

Secondly, just as Bjoern states, a malicious script could easily position a new element on top of other elements. Or do you want to restrict that too? I cannot see what CSS has to do with it, since it is not a style issue, but a DOM access behavior issue.

-- Jorgen
Received on Friday, 12 January 2007 15:34:44 UTC