On Tue, May 12, 2009 at 4:16 AM, Adam Barth <span dir="ltr"><<a href="mailto:whatwg@adambarth.com">whatwg@adambarth.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
On Thu, May 7, 2009 at 3:24 AM, Kristof Zelechovski<br><div><div class="h5">
<<a href="mailto:giecrilj@stegny.2a.pl">giecrilj@stegny.2a.pl</a>> wrote:<br>
> If toStaticHTML prunes everything it is not sure of, the danger of a known<br>
> language construct suddenly introducing active content is negligible. I am<br>
> sure HTML5 specification editors bear that aspect in mind and so shall they<br>
> in the future.<br>
<br>
</div></div>Even if you believe that we've already committed to not introducing<br>
active content that breaks toStaticHTML (which I'm not convinced we<br>
have, especially because I don't know what algorithm it uses)</blockquote><div> </div><div>I would be shocked if we have committed to not introducing active content that breaks IE8's toStaticHTML. That would be terribly limiting. (Does it prune the <video> and <audio> event attributes?)<br>
<br>When you call innerStaticHTML it should prune everything that's unsafe for *this UA*. Authors should not send that content to other UAs and expect it to be safe for those UAs.<br></div></div><br clear="all">Rob<br>
-- <br>"He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]<br>