- From: Shelby Moore <shelby@coolpage.com>
- Date: Mon, 06 Jan 2003 10:55:13 -0600
- To: Ian Hickson <ian@hixie.ch>
- Cc: www-style@w3.org
>> From a security point of view, allowing links to active content in styles is >> dangerous. Stylesheets are expected by many to be free of active content, >> and are allowed in places such as user-submitted content, HTML e-mail etc. > >This is a very valid concern, and is very much of interest to me. > >There are several possible solutions. > >One is to suggest to the XML team that a new attribute be introduced, >xml:scripting or some such, which could indicate that everything from that >element and deeper should be unable to execute associated script. Oh that is just great idea! Now XBL will require changes in every major W3C standard (DOM, CSS, XML). XSLT is much cleaner way to abstract the scripting from the markup. As Daniel once wrote, "why use a hammer to swat flies"? "Hammer" being making XBL a standard. "FIies" being the mechanism to abstract scripting from the markup. -Shelby Moore
Received on Monday, 6 January 2003 11:54:21 UTC