On Wed, Aug 25, 2010 at 12:21 AM, Henri Sivonen hsivo...@iki.fi wrote:
On Aug 5, 2010, at 18:01, Silvia Pfeiffer wrote:
I developed WMML as a xml-based caption format that will not have the
problems that have been pointed out for DFXP/TTML, namely: there are no
namespaces, it doesn't use
On 8/25/10 1:12 AM, Ben Lerner wrote:
1) hibernating documents are very limited in what one can do with
them (e.g. attempting to mutate the document in any way while
hibernating will throw it away).
I assume such mutation could only come from other, fully-active,
same-origin documents. Why
On Tue, 24 Aug 2010 17:54:41 +0200, Tab Atkins Jr. jackalm...@gmail.com
wrote:
On Tue, Aug 24, 2010 at 8:07 AM, Philip Jägenstedt phil...@opera.com
wrote:
On Tue, 24 Aug 2010 16:21:28 +0200, Henri Sivonen hsivo...@iki.fi
wrote:
I'd be OK with not supporting karaoke or anime fansubbing at
On Tue, Aug 24, 2010 at 8:49 PM, Philip Jägenstedt phil...@opera.comwrote:
On Tue, 24 Aug 2010 04:32:21 +0200, Silvia Pfeiffer
silviapfeiff...@gmail.com wrote:
On Mon, Aug 23, 2010 at 6:55 PM, Philip Jägenstedt phil...@opera.com
wrote:
Aside: WebSRT can't contain binary data, only
Here's the script used: http://pastebin.com/KhdsydzJ
Input was determined to be valid UTF-8 if text.decode('utf-8') didn't
raise an exception, same for ASCII. I haven't tried to analyze what other
encodings were used.
Philip
On Tue, 24 Aug 2010 21:47:14 +0200, Kevin Marks
Thanks for the history lesson :) I'm not underestimating
backwards-compatibility, but since so much of old web content is brittle
in so many ways, it's hard to know in advance exactly which problems are
hiding under that back-compat umbrella.
One more question: Perhaps I'm misunderstanding
Anne van Kesteren:
On Wed, 25 Aug 2010 01:00:50 +0200, Ian Hickson i...@hixie.ch wrote:
I'm sure people do: P ALIGN=CENTER ... /P
Sure, but I highly doubt people do that and expect
p[align=center]
to work, especially since that has not always worked in all browsers.
I for one
On 8/25/10 3:31 AM, Ben Lerner wrote:
One more question: Perhaps I'm misunderstanding what you mean by throw
the document away, but if it means the document gets discarded, garbage
collected, and the DOM for that page doesn't exist any more... if you
had a page that mutated a hibernated document
On Wed, 25 Aug 2010 09:44:34 +0200, Christoph Päper
christoph.pae...@crissov.de wrote:
I for one would expect that selector to match that element, although I
would never write HTML like that. Imagine a browser or user stylesheet
where you would effectively have to list all possible casings.
On Wed, 25 Aug 2010 09:16:56 +0200, Silvia Pfeiffer
silviapfeiff...@gmail.com wrote:
On Tue, Aug 24, 2010 at 8:49 PM, Philip Jägenstedt
phil...@opera.comwrote:
On Tue, 24 Aug 2010 04:32:21 +0200, Silvia Pfeiffer
silviapfeiff...@gmail.com wrote:
On Mon, Aug 23, 2010 at 6:55 PM, Philip
On Wed, Aug 25, 2010 at 7:20 PM, Philip Jägenstedt phil...@opera.comwrote:
On Wed, 25 Aug 2010 09:16:56 +0200, Silvia Pfeiffer
silviapfeiff...@gmail.com wrote:
On Tue, Aug 24, 2010 at 8:49 PM, Philip Jägenstedt phil...@opera.com
wrote:
On Tue, 24 Aug 2010 04:32:21 +0200, Silvia Pfeiffer
On Wed, 25 Aug 2010 14:39:00 +0200, Silvia Pfeiffer
silviapfeiff...@gmail.com wrote:
On Wed, Aug 25, 2010 at 7:20 PM, Philip Jägenstedt
phil...@opera.comwrote:
The question, then, is if parsers that handle the mentioned markup
also
ignore 1, ruby and rt. I haven't tested it, but I
On Tue, Aug 24, 2010 at 7:43 PM, Philip Jägenstedt phil...@opera.comwrote:
On Tue, 24 Aug 2010 10:24:35 +0200, Ian Hickson i...@hixie.ch wrote:
Given that, it wouldn't be a big problem to let modification of src
attributes on source elements trigger resource selection, you won't get
the
On Thu, Aug 26, 2010 at 12:39 AM, Philip Jägenstedt phil...@opera.comwrote:
On Wed, 25 Aug 2010 14:39:00 +0200, Silvia Pfeiffer
silviapfeiff...@gmail.com wrote:
On Wed, Aug 25, 2010 at 7:20 PM, Philip Jägenstedt phil...@opera.com
wrote:
The question, then, is if parsers that handle the
On Aug 25, 2010, at 8:40 AM, Silvia Pfeiffer wrote:
On Thu, Aug 26, 2010 at 12:39 AM, Philip Jägenstedt phil...@opera.com wrote:
The results are hardly consistent, but at least one player exist for which
it's not enough to change the file extension and add a header. If we want to
make
On Fri, 30 Jul 2010, Dennis Joachimsthaler wrote:
Having a Content-Disposition property on a tags which does the same as
the HTTP Header. For example changing the file name of the file to be
downloaded or rather have a image file download rather than it being
shown in the browser
On Mon, 2 Aug 2010, Narendra Sisodiya wrote:
A html webpage can contains js, css, image files. If we leave the server
side scripting part then all resource files will static. JavaScript may
load a resource (like another js/image/css file or DataURI) dynamically.
If I want to download a
On Sun, 1 Aug 2010, Tantek �~Gelik wrote:
In speaking with fellow developers at Mozilla, I've collected the
following feedback:
The sandbox feature and functionality needs a thorough security review.
I encourage browser vendors to perform thorough security reviews of
_anything_ they
There was some recent feedback on the img alt attribute. I have quoted
some of it below. I haven't changed the spec: none of the points raised
were new information.
On Mon, 2 Aug 2010, Markus Ernst wrote:
Am 01.08.2010 11:43 schrieb Tantek Çelik:
http://wiki.whatwg.org/wiki/Img_Alt
My
On Mon, 2 Aug 2010, Dirk Pranke wrote:
On Mon, Aug 2, 2010 at 6:12 PM, Ian Hickson i...@hixie.ch wrote:
This thread primarily discussed ways to allow users to log in and out
of sites, possibly through improvements to the forms model.
This is an area that seems to be under a lot of
On Mon, 2 Aug 2010, Dirk Pranke wrote:
On Mon, Aug 2, 2010 at 7:09 PM, Ian Hickson i...@hixie.ch wrote:
On Mon, 2 Aug 2010, Dirk Pranke wrote:
On Mon, Aug 2, 2010 at 6:56 PM, Ian Hickson i...@hixie.ch wrote:
On Mon, 2 Aug 2010, Dirk Pranke wrote:
Why would a user ever want anyone
== Summary ==
HTML should support Base64-encoded entities to make it easier for
authors to include untrusted content in their documents without
risking XSS. For example,
%SFRNTDUncyA8Y2FudmFzPiBlbGVtZW50IGlzIGF3ZXNvbWUuCg==;
would decode to HTML5's canvas element is awesome. Notice that
the
On Wed, 25 Aug 2010, Adam Barth wrote:
HTML should support Base64-encoded entities to make it easier for
authors to include untrusted content in their documents without
risking XSS.
Seems like a fine idea. Get browsers to implement it and I'll spec it.
--
Ian Hickson U+1047E
On Mon, 2 Aug 2010, Charles Pritchard wrote:
[ UAs can use input type=file to let the user enter remote URLs ]
When a user through selection, click+drag or manual entry of a URL
should the browser still submit an Origin request header? It seems that
CORS doesn't come into effect here --
On Tue, 3 Aug 2010, Markus Ernst wrote:
Section 4.8.1.1.9 describes how alternative text for content images
should be written:
http://www.w3.org/TR/html5/embedded-content-1.html#a-key-part-of-the-content
(Note that the /TR/ copy is very out of date. I recommend using the
dev.w3.org copy or
Does ECMAScript currently have a built-in function for encoding decoding
base-64? We might want a built-in base-64 encoder / decoder if we are
implementing this base64-encoded entities.
- Ryosuke
On Wed, Aug 25, 2010 at 1:50 PM, Adam Barth w...@adambarth.com wrote:
== Summary ==
HTML
btoa and atob should do the trick.
Adam
On Wed, Aug 25, 2010 at 2:32 PM, Ryosuke Niwa ryosuke.n...@gmail.com wrote:
Does ECMAScript currently have a built-in function for encoding decoding
base-64? We might want a built-in base-64 encoder / decoder if we are
implementing this
On Tue, 3 Aug 2010, Tantek �~Gelik wrote:
The name of the summary element however is too generic sounding of an
element name for this special usage.
I don't see why that's a problem.
It is inevitable that people will begin using the summary element when
they simply mean a semantic
There's been some discussion on http://webkit.org/b/41372 about
Gecko's vs. WebKit's implementation of the popstate event. It turns
out that a careful reading of
http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#history-traversal,
specifically of item 10, indicates that if
== Workarounds ==
Currently, authors must carefully escape all untrusted content to
prevent an attacker from injecting HTML. Unfortunately, authors often
apply the incorrect escaping or forget to escape entirely, resulting
in security vulnerabilities. Escaping content in HTML is tricky
On Wed, 4 Aug 2010, Silvia Pfeiffer wrote:
However, what exactly happens with a media fragment URI like
http://example.com/picture.png#xywh=160,120,320,240 is not fully
specified in the Media Fragment URI spec.
I would recommend fixing that. :-)
Well, that goes into
It might also help if the event wasn't called popstate, since that
implies a 1:1 relationship with pushState calls, but you can already
get popstate events without corresponding pushState calls.
historytraversal perhaps?
I think we've decided here that the time for major changes to this API
On Tue, Aug 24, 2010 at 7:13 PM, Ian Hickson i...@hixie.ch wrote:
It would also be good to document the reasons why people want to expire
data. It's presumably not security -- you'd want to expire the authority
of any credentials on the server side long before it became an issue to
have them
On Wed, 25 Aug 2010, Aryeh Gregor wrote:
On Tue, Aug 24, 2010 at 7:13 PM, Ian Hickson i...@hixie.ch wrote:
It would also be good to document the reasons why people want to expire
data. It's presumably not security -- you'd want to expire the authority
of any credentials on the server side
2010/8/25 Kornel Lesiński kor...@geekhood.net:
These cases can be secured without any new features in browsers (by escaping
whitespace using numeric entities):
function htmlescape($str) {
return preg_replace('/[\s\']/e','.ord($0).;',$str);
}
That doesn't work in script for
On Wed, Aug 25, 2010 at 6:33 PM, Ian Hickson i...@hixie.ch wrote:
This relies on sites actually using this feature. I don't see any reason
to believe sites would use this enough to make a dent here.
A lot of sites set expiration dates for cookies, don't they?
If an author is aware enough to
On Wed, 25 Aug 2010, Aryeh Gregor wrote:
On Wed, Aug 25, 2010 at 6:33 PM, Ian Hickson i...@hixie.ch wrote:
This relies on sites actually using this feature. I don't see any reason
to believe sites would use this enough to make a dent here.
A lot of sites set expiration dates for cookies,
On Wed, Aug 25, 2010 at 1:55 PM, Ian Hickson i...@hixie.ch wrote:
On Wed, 25 Aug 2010, Adam Barth wrote:
HTML should support Base64-encoded entities to make it easier for
authors to include untrusted content in their documents without
risking XSS.
Seems like a fine idea. Get browsers to
On Thu, Aug 26, 2010 at 2:39 AM, Philip Jägenstedt phil...@opera.com wrote:
It's actually easier for a browser to ignore the MIME type than it is to be
strict about it, at least when the format is easily identified by sniffing
(sniffing code is needed anyway for local files).
Firefox (in the
On Thu, Aug 26, 2010 at 2:39 AM, Philip Jägenstedt phil...@opera.com wrote:
The main reason to care about the MIME type is some kind of doing the right
thing by not letting people get away with misconfigured servers. Sometimes
I feel it's just a waste of everyone's time though, it would
On Thu, Aug 26, 2010 at 5:25 AM, Eric Carlson eric.carl...@apple.com wrote:
FWIW, I agree with Silvia that a new file extension and MIME type make
sense.
I also think that a new file extension and MIME type is the way to go.
Chris.
--
http://www.bluishcoder.co.nz
On 8/25/10 7:41 PM, Adam Barth wrote:
2) Decoding base64 results in binary data. We'll need to convert that
data to characters in order to deal with it in the DOM. We use always
use UTF8 for that transformation, regardless of the document's
encoding.
Note that this issue means that using
On 8/25/10 9:37 PM, Boris Zbarsky wrote:
Note that this issue means that using atob or btoa for dealing with this
is a huge pain if non-ASCII chars are involved, since those take and
return byte arrays masquerading as JS strings, not actual Unicode strings.
Of course I can't find any actual
On Thu, Aug 26, 2010 at 8:10 AM, Ian Hickson i...@hixie.ch wrote:
On Wed, 4 Aug 2010, Silvia Pfeiffer wrote:
However, what exactly happens with a media fragment URI like
http://example.com/picture.png#xywh=160,120,320,240 is not fully
specified in the Media Fragment URI spec.
On Wed, Aug 25, 2010 at 9:40 PM, Boris Zbarsky bzbar...@mit.edu wrote:
On 8/25/10 9:37 PM, Boris Zbarsky wrote:
Note that this issue means that using atob or btoa for dealing with this
is a huge pain if non-ASCII chars are involved, since those take and
return byte arrays masquerading as JS
On Wed, Aug 25, 2010 at 7:00 PM, Silvia Pfeiffer
silviapfeiff...@gmail.com wrote:
As we adopt media fragment URIs into the HTML5 spec, we should prescribe
what the user experience is meant to be, such that UAs can implement a
consistent handling.
I don't think it makes sense to have the
On Aug 25, 2010, at 7:00 PM, Silvia Pfeiffer wrote:
There are recommendations for what to do with video in the browser. I can
encourage the group to also make recommendations for what it means for images
in the browser.
However, the use of Media Fragment URIs in applications in general
On 8/25/10 10:04 PM, Kevin Benson wrote:
Of course I can't find any actual spec for atob/btoa. I would think
it needs to be part of the Window spec, no?
https://developer.mozilla.org/en/DOM/window.atob
https://developer.mozilla.org/en/DOM/window.btoa
That's not a spec (unless you
On Wed, 4 Aug 2010, Thomas Koetter wrote:
In the past, there has been a lot discussion about not using br just to
insert line breaks everywhere. I'm fully aware that we have lots of
elements that are often a better fit and that, of course, line breaks
can be achieved by blocking inline
On 2010-08-25 21:09, Ian Hickson wrote:
On Fri, 30 Jul 2010, Dennis Joachimsthaler wrote:
Having a Content-Disposition property ona tags which does the same as
the HTTP Header. For example changing the file name of the file to be
downloaded or rather have a image file download rather than it
50 matches
Mail list logo