[whatwg] innerStaticHTML

Robert O'Callahan robert at ocallahan.org
Mon May 11 16:05:28 PDT 2009

On Tue, May 12, 2009 at 4:16 AM, Adam Barth <whatwg at adambarth.com> wrote:

> On Thu, May 7, 2009 at 3:24 AM, Kristof Zelechovski
> <giecrilj at stegny.2a.pl> wrote:
> > If toStaticHTML prunes everything it is not sure of, the danger of a known
> > language construct suddenly introducing active content is negligible.  I am
> > sure HTML5 specification editors bear that aspect in mind and so shall they
> > in the future.
>
> Even if you believe that we've already committed to not introducing
> active content that breaks toStaticHTML (which I'm not convinced we
> have, especially because I don't know what algorithm it uses)

I would be shocked if we have committed to not introducing active content
that breaks IE8's toStaticHTML. That would be terribly limiting. (Does it
prune the <video> and <audio> event attributes?)

When you call innerStaticHTML it should prune everything that's unsafe for
*this UA*. Authors should not send that content to other UAs and expect it
to be safe for those UAs.

"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah