(sorry -- i forgot to enclosed the emails.)
please find them attached now.
- p
Forwarded message 1
unescaped html in "Valid CSS informations" is a potential security issue.
simple test case[1]:
body:before
{
content: "<script>alert('Hello World')</script>";
}
- p
(aside: i think "Valid CSS informations" should read "Valid CSS Statements"[2,3],
or simply just "Valid CSS".)
--
[1]
http://jigsaw.w3.org/css-validator/validator?text=body%3Abefore%0D%0A%7B%0D%0A++content%3A+%22%3Cscript%3Ealert%28%27Hello+World%27%29%3C%2Fscript%3E%22%3B%0D%0A%7D%0D%0A&warning=1&profile=css2&usermedium=all
[2] http://www.w3.org/TR/REC-CSS2/syndata.html#q5
[3] http://www.wsu.edu/~gordonl/ESL/answer1.htm
Paul Arzul wrote:
>
> a:before
> {
> content: "<b>bold</b>";
> }
>
> validates fine - but the validator generated html produced is:
>
> <b>bold</b>
>
> when it should[1] be:
>
> <b>bold</b>
>
> - p
>
> --
> 1. http://www.w3.org/TR/html4/charset.html#didx-character_entity_references
Forwarded message 2
kevin c smith wrote on webdesign-l (http://webdesign-L.com/):
>
> One thing you'll need to fix is that floated elements must have a width
> declared:
>
> <http://www.w3.org/TR/REC-CSS2/visuren.html#floats>
elements with intrinsic width include:
html, img, input, textarea, select, and object.
so the following should NOT create a warning:
img
{
float: right;
}
for non-replaced elements (i.e. elements with no intrinsic width),
could we please issue a warning if no width is given?
for example, the following paragraph rule set SHOULD create a
missing width warning:
p
{
float: right;
}
- p