(sorry -- i forgot to enclosed the emails.) please find them attached now. - p
attached mail follows:
unescaped html in "Valid CSS informations" is a potential security issue. simple test case[1]: body:before { content: "<script>alert('Hello World')</script>"; } - p (aside: i think "Valid CSS informations" should read "Valid CSS Statements"[2,3], or simply just "Valid CSS".) -- [1] http://jigsaw.w3.org/css-validator/validator?text=body%3Abefore%0D%0A%7B%0D%0A++content%3A+%22%3Cscript%3Ealert%28%27Hello+World%27%29%3C%2Fscript%3E%22%3B%0D%0A%7D%0D%0A&warning=1&profile=css2&usermedium=all [2] http://www.w3.org/TR/REC-CSS2/syndata.html#q5 [3] http://www.wsu.edu/~gordonl/ESL/answer1.htm Paul Arzul wrote: > > a:before > { > content: "<b>bold</b>"; > } > > validates fine - but the validator generated html produced is: > > <b>bold</b> > > when it should[1] be: > > <b>bold</b> > > - p > > -- > 1. http://www.w3.org/TR/html4/charset.html#didx-character_entity_references
attached mail follows:
kevin c smith wrote on webdesign-l (http://webdesign-L.com/): > > One thing you'll need to fix is that floated elements must have a width > declared: > > <http://www.w3.org/TR/REC-CSS2/visuren.html#floats> elements with intrinsic width include: html, img, input, textarea, select, and object. so the following should NOT create a warning: img { float: right; } for non-replaced elements (i.e. elements with no intrinsic width), could we please issue a warning if no width is given? for example, the following paragraph rule set SHOULD create a missing width warning: p { float: right; } - pReceived on Monday, 24 March 2003 17:07:33 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:00:50 UTC