Interesting idea. We'd have to think about whether there would be any
way for the malicious cross-site scripter to get the value of the random
key attribute. If they could do so, they could generate a valid closing
tag and proceed with active content.
It would be great to feellike there was
From the perspective of a web application programmer and security
consultant, I think it would be very useful to have HTML tags to mark HTML
sections where active content should be disabled, possibly selected active
content.
Right now the HTML environment with respect to potentially dangerous
Lincoln Yeoh wrote:
I have tried the www-html list,
And have read your proposal there (about a year ago?). (But I don't
remember the discussion exactly anymore.)
and other places, nothing happened
Maybe because there were valid concerns, maybe it's even just a bad
idea? To be taken
Lincoln Yeoh wrote:
But can you actually help?
No, I have no time.
e.g. Telling me I've got it wrong and so I can forget the whole thing
or fix it (slightly broken), or I've got it right and you can actually
help take the idea further, or you know someone who can?
The idea doesn't look