
[whatwg] innerStaticHTML

From: Robert O'Callahan <robert@ocallahan.org>
Date: Tue, 12 May 2009 11:05:28 +1200
Message-ID: <11e306600905111605o15998127hfd07e93592bce7c8@mail.gmail.com>
On Tue, May 12, 2009 at 4:16 AM, Adam Barth <whatwg at adambarth.com> wrote:

> On Thu, May 7, 2009 at 3:24 AM, Kristof Zelechovski
> <giecrilj at stegny.2a.pl> wrote:
> > If toStaticHTML prunes everything it is not sure of, the danger of a known
> > language construct suddenly introducing active content is negligible.  I am
> > sure HTML5 specification editors bear that aspect in mind and so shall they
> > in the future.
>
> Even if you believe that we've already committed to not introducing
> active content that breaks toStaticHTML (which I'm not convinced we
> have, especially because I don't know what algorithm it uses)

I would be shocked if we have committed to not introducing active content
that breaks IE8's toStaticHTML. That would be terribly limiting. (Does it
prune the <video> and <audio> event attributes?)

When you call innerStaticHTML it should prune everything that's unsafe for
*this UA*. Authors should not send that content to other UAs and expect it
to be safe for those UAs.

"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
Received on Monday, 11 May 2009 16:05:28 UTC
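
Added example, not part of the original message and not IE8's toStaticHTML algorithm: a sketch of the difference the thread turns on, comparing a sanitizer that prunes everything it does not understand with one that strips only what was known to be active when it was written. The node shape, the allow and block lists, and the sample tree (including the `onloadstart` media handler) are all constructed for illustration.

```javascript
// Nodes stand in for a parsed DOM: { tag, attrs, children } or { text }.
// Every list below is an assumption made for this example.
const ALLOWED = new Map([ // Map, so a tag named "constructor" is not found by accident
  ['p', []], ['b', []], ['i', []], ['a', ['href', 'title']], ['img', ['src', 'alt']],
]);
const URL_ATTRS = new Set(['href', 'src']);
const SAFE_URL = /^(https?:\/\/|mailto:|\/|#)/i;
const BAD_TAGS = new Set(['script', 'iframe', 'object', 'embed']);
const BAD_ATTRS = new Set(['onclick', 'onload', 'onerror', 'onmouseover']);

// Allowlist: anything this sanitizer does not understand is pruned.
function pruneUnknown(node) {
  if (typeof node.text === 'string') return { text: node.text };
  const tag = String(node.tag).toLowerCase();
  const known = ALLOWED.get(tag);
  if (!known) return null; // unknown element: drop the whole subtree
  const attrs = {};
  for (const [name, value] of Object.entries(node.attrs || {})) {
    const n = name.toLowerCase();
    if (!known.includes(n)) continue; // unknown attribute: drop
    if (URL_ATTRS.has(n) && !SAFE_URL.test(String(value).trim())) continue;
    attrs[n] = value;
  }
  return { tag, attrs, children: (node.children || []).map(pruneUnknown).filter(Boolean) };
}

// Blocklist: only constructs known to be active at writing time are removed.
function stripKnownBad(node) {
  if (typeof node.text === 'string') return { text: node.text };
  const tag = String(node.tag).toLowerCase();
  if (BAD_TAGS.has(tag)) return null;
  const attrs = {};
  for (const [name, value] of Object.entries(node.attrs || {}))
    if (!BAD_ATTRS.has(name.toLowerCase())) attrs[name.toLowerCase()] = value;
  return { tag, attrs, children: (node.children || []).map(stripKnownBad).filter(Boolean) };
}

// Collect every on* attribute left in a sanitized tree, as "tag.attr".
function survivingHandlers(node, out = []) {
  if (!node || typeof node.text === 'string') return out;
  for (const name of Object.keys(node.attrs)) if (name.startsWith('on')) out.push(`${node.tag}.${name}`);
  node.children.forEach((child) => survivingHandlers(child, out));
  return out;
}

// Constructed input: one handler the blocklist knows, one added to the platform later.
const SAMPLE = { tag: 'p', attrs: {}, children: [
  { tag: 'a', attrs: { href: 'https://example.org/', onclick: 'f()' }, children: [{ text: 'link' }] },
  { tag: 'video', attrs: { src: 'clip.ogv', onloadstart: 'f()' }, children: [] },
] };
```

The allowlist result is only a statement about what the UA running it understands; the same output handed to a different UA carries no such guarantee.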

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:12 UTC