- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 25 Dec 2007 21:02:52 +0100
- To: www-style@w3.org
Hi,
In http://www.w3.org/TR/CSS21/grammar.html#scanner the productions
starting with "url(" need to be changed to start with {u}{r}{l}"(" instead
for more consistency with the rest of the CSS language. (IE7 and Firefox
already "break" with the specification here.)
I think personally I'd be very much in favor of introducing LITERAL_IDENT
or something in that direction that does not allow escapes and that we use
that instead of allowing escapes all over the language. This should also
make the language more secure in the sense that people are currently
probably only comparing property strings on an (ASCII) case-insensitive
basis and don't care at all about escapes, etc. On the other hand, most of
those filters are probably whitelist based, which would not expose them to
this, but it still feels sort of icky.
Kind regards,
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Tuesday, 25 December 2007 20:00:49 UTC