> I'd rather not go this route in our initial implementation. I think > we should target the use case of a web site receiving an untrusted > string via cross-origin XMLHttpRequest or postMessage.
Fair enough. OTOH, this solves a very narrow problem. If we have an implementation that at least extends to a non-JS solution without the need to create a wholly separate mechanism should there eventually be desire to make a difference in this area, it's a win. So, child-locked tags appeal to me a whole lot more than a variant of .innerHTML. Cheers, /mz _______________________________________________ webkit-dev mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
