- From: Jan Roland Eriksson <jrexon@newsguy.com>
- Date: Thu, 03 Aug 2000 20:16:46 +0200
- To: www-style@w3.org
On Thu, 3 Aug 2000 19:51:34 +0200 (W. Europe Daylight Time), Håkon Wium
Lie <howcome@opera.com> wrote:
>Also sprach Matthew Brealey:
> > style type="text/css" add <>
> > @script {
> > function screw() {
> > Thus, I believe it is possible to produce a CSS virus, which is not cool
> > at all, particularly in view of the stuff in CSS1 about CSS not becoming
> > a programming language (it didn't say CSS wouldn't become a virus, but I
> > suppose that was obvious).
>
>As you have shown, CSS becomes a security risk if @script is added.
>Which is why I personally oppose this extension.
And the whole idea about a connection between CSS and script engines in
UA's gave raise to a few "comments" when BeCSS was first presented.
That did not stop a certain UA vendor to go ahead with it though :-(
--
Jan Roland Eriksson <jrexon@newsguy.com>
<URL:http://member.newsguy.com/%7Ejrexon/>
Received on Thursday, 3 August 2000 14:16:28 UTC