On Sep 5, 2010, at 1:22 AM, Chris Lilley wrote:
> On Sunday, September 5, 2010, 4:00:20 AM, Adam wrote:
>
>>> body { binding: url(example.xbl#nav-then-main); }
>
> AB> Adding active content via CSS is bad for security. For example, IE
> AB> has removed support for CSS expressions (which execute script) and
> AB> Mozilla has removed support for XBL bindings, which, like this
> AB> proposal, would allow for script execution from CSS. Perhaps we
> AB> should consider a more secure mechanism for invoking the binding.
>
> In the light of that browser implementor feedback about the drawbacks of
> using CSS to add active content, maybe another method should be chosen. XPath
> for example might be useful here.<<inline: textmining-worms-copy.jpg>>
Adam's comments are about binding with a stylesheet, not Selectors. XBL2 provides binding mechanisms that do not involve a stylesheet at all. The last thing we need is to have the Selectors vs. XPath discussion again. Regards, Maciej
