Re: CSS 4?

On 10/30/03 3:23 AM, "Rijk van Geijtenbeek" <> wrote:

> Hello Tantek,
> On Thursday, October 30, 2003 you wrote:
>>>  body { background: url("javascript:alert(\'Hello\ again!\
>>> (background)\')");
>>> }
>>> possible right now, and shows a dialog in at least two browsers.
>> If you take something which is safe, mix it with something that is unsafe,
>> you end up with a result that is unsafe.
> And if you disable JavaScript in Opera (with the F12 quick prefs), you
> will not get the popup. No need to disable styling or go into user
> mode.

Precisely Rijk.

The same thing happens in IE/Mac and IE/Windows.  If you disable scripting
(in IE5/Mac uncheck "Enable scripting", in IE6/Windows Internet Options,
Security, Custom..., Security Settings, choose the "Disable" radio button
under "Active scripting") you will not get the popup(s).  No need to disable

> This can be used to support both sides of the argument though ;)

I don't see how, seeing how CSS without javascript in this case works fine,
and adding javascript causes problems, therefore javascript is the problem.


Received on Thursday, 30 October 2003 06:52:49 UTC