- From: Brad Kemper <brad.kemper@gmail.com>
- Date: Thu, 26 Aug 2010 09:38:46 -0700
- To: Garrett Smith <dhtmlkitchen@gmail.com>
- Cc: Alan Gresley <alan@css-class.com>, Boris Zbarsky <bzbarsky@mit.edu>, Patrick Garies <pgaries@fastmail.us>, www-style <www-style@w3.org>
- Message-Id: <34B0B704-0288-4C8D-AD48-FC35F766D2FE@gmail.com>
On Aug 26, 2010, at 12:14 AM, Garrett Smith <dhtmlkitchen@gmail.com> wrote:

> On 8/25/10, Brad Kemper <brad.kemper@gmail.com> wrote:
>>
>> On Aug 25, 2010, at 10:42 PM, Garrett Smith <dhtmlkitchen@gmail.com> wrote:
>>
>>> On 8/25/10, Brad Kemper <brad.kemper@gmail.com> wrote:
>>>>
>>>>
>>>> On Aug 25, 2010, at 9:25 PM, Garrett Smith <dhtmlkitchen@gmail.com>
>>>> wrote:
>>>>
> [...]
>> If "and?" was instead intended to mean "and given that it is a serious
>> security issue, then why not address my earlier point about making the more
>> secure behavior required instead of optional,", then I'd say one reason is
>> that not all UAs are Web browsers. For instance, for an HTML-based help
>> system, authored entirely by a controlled OS team, and unable to browse the
>> Web, it might be more important to be able to differentiate responses based
>> on what help files you've already seen, than to deal with a threat that
>> doesn't really apply to it in its limited scope.
>
> Fine example there. This doesn't work in most browsers and so any
> developer tasked with that might try it. If he finds that it works in
> the one browser that he's required to support, he'll use it. A
> non-interoperable website is born.

I think it is fine to make a security recommendation for general Web browsers, and I fully expect that the major-market-share browsers will follow that anyway, due to general market forces and a need to be considered as secure as the competition.

However, I'll say again, "not all UAs are Web browsers", and CSS is supposed to accommodate other uses too. EPUB is another example that uses CSS, where content doesn't usually link to the Web (the devices might not even support network connections), but might have internal links to chapters with graphic indications of what chapters you've started. Why should they be expected to abide by that restriction when it doesn't make any sense to them?

Received on Thursday, 26 August 2010 16:40:20 UTC