Boris Zbarsky wrote:
>> 2.) We should create a container element that invokes sanitization
>> code. Let's call it <livejournal-comment>.
>
> I think any model that assumes that the only way we get content is by
> parsing it is more or less doomed to failure. Unless
> <livejournal-comment> has the same effect when someone clones nodes they
> got via XMLHttpRequest and then inserts them as kids of it?

We could disallow DOM modification by non-chrome, but allow innerHTML.
That would go back through the parser. Seems like everyone uses
innerHTML anyway. I can't think of any non-religious objections to this
approach, other than click tracking. But the ping attribute should take
care of that.
-Rob
_______________________________________________
dev-security mailing list
https://lists.mozilla.org/listinfo/dev-security