- From: Ian Hickson <py8ieh@bath.ac.uk>
- Date: Wed, 3 Nov 1999 07:37:23 +0000 (GMT)
- To: howcome@opera.com
- cc: www-style@w3.org
On Sun, 24 Oct 1999, Håkon Wium Lie wrote: > The distiction between presentation and user interface is somewhat > blurry and I support experiments in the field -- :hover is a good > example. I think, however, that all new proposals for CSS should be > declarative; adding executable code to content labeled as "text/css" > (which is proposed by [1]) is too much of a break with the past. For > example, the last line of CSS1 [2] -- before Appendix A -- states: > > We do not expect CSS to evolve into: > a programming language Note that BECSS is _not_ a programming language. It is still just property-value pairs, it is just that the values this time are in a language that can be executed. (Typically, ECMAScript.) CSS itself is still not a programming language. > The RFC [1] which describes the "text/css" content type says, under > "Security considerations": > > CSS style sheets consist of declarative property/value pairs > assigned to element selectors. They contain no executable code. > > I do not think it is prudent to remove the "no" in the last sentence > at this point. > > I believe it's in everyone's long term interest -- including web > designers -- that executable code is kept out of CSS. Why? Executable code already appears in HTML. Moving it to CSS adds no security problems that are not present already, but makes the life of web authors significantly simpler. What does anyone gain by forcing the user-select: text; ...and onBlur: "validateData()"; ...to be in different files? -- Ian Hickson "I take a Professor Bullett approach to my answers. There's a high probability that they may be right." -- Dr Snow; Mechanics Lecturer at Bath University; 1999-03-04
Received on Wednesday, 3 November 1999 02:37:26 UTC