- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Thu, 3 Apr 2008 14:17:56 +0300
- To: Jeff Schiller <codedread@gmail.com>
- Cc: "Ian Hickson" <ian@hixie.ch>, "Sam Ruby" <rubys@us.ibm.com>, public-html@w3.org, www-math@w3.org
On Apr 3, 2008, at 14:00, Jeff Schiller wrote: > At least from a parsing perspective, this 'new processing mode' that > Sam and others have suggested (for lack of a better term, 'XML5' ?) > should suck up the character stream until it finds the matching > closing tag. If it _NEVER_ receives the closing tag, then it should > reject the entire stream, passing all the characters back to the > HTML5 parser. Solutions with which different parts of the page become scripts depending of where you put the EOF are no good from a security point of view. (Already explored numerous times.) On top of that, rewinding the stream partially is even worse from the implementation point of view that rewinding the stream fully as in the encoding sniffing case. -- Henri Sivonen hsivonen@iki.fi http://hsivonen.iki.fi/
Received on Thursday, 3 April 2008 11:18:42 UTC