[whatwg] validate attribute in <A>
Ian Hickson
ian at hixie.ch
Mon Nov 5 18:52:55 PST 2007
On Mon, 5 Nov 2007, Jon Barnett wrote:
> On 11/5/07, Ian Hickson <ian at hixie.ch> wrote:
> >
> > Philip brought up a good point on IRC which is that hashing the entity
> > doesn't protect against changes to the headers (and hashing the headers
> > isn't workable since they change).
>
> If it were to be crammed into HTML, it would be nice if it were done
> like this: <a href="..." type="application/octet-stream; md5=xxx">
That doesn't really address the problem of unexpected hostile HTTP
headers, though (like Set-Cookie or Location with a 301 response code).
It was also later pointed out that this idea would also make incremental
rendering more difficult to achieve.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list