- From: Robert O'Callahan <robert@ocallahan.org>
- Date: Tue, 12 May 2009 11:05:28 +1200
On Tue, May 12, 2009 at 4:16 AM, Adam Barth <whatwg at adambarth.com> wrote:

> On Thu, May 7, 2009 at 3:24 AM, Kristof Zelechovski
> <giecrilj at stegny.2a.pl> wrote:
> > If toStaticHTML prunes everything it is not sure of, the danger of a known
> > language construct suddenly introducing active content is negligible. I am
> > sure HTML5 specification editors bear that aspect in mind and so shall they
> > in the future.
>
> Even if you believe that we've already committed to not introducing
> active content that breaks toStaticHTML (which I'm not convinced we
> have, especially because I don't know what algorithm it uses)

I would be shocked if we have committed to not introducing active content that breaks IE8's toStaticHTML. That would be terribly limiting. (Does it prune the <video> and <audio> event attributes?)

When you call innerStaticHTML it should prune everything that's unsafe for *this UA*. Authors should not send that content to other UAs and expect it to be safe for those UAs.

Rob
--
"He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]
Received on Monday, 11 May 2009 16:05:28 UTC