On Tue, 17 Jun 2008, Frode Børli wrote:
A major challenge for many web developers is validating untrusted content
such as the message body of a blog comment. Unless the developer has a
flawless and future proof algorithm for ensuring that the message body does
not contain any script, web
Frode Børli wrote:
I have been reading up on past discussions on sandboxing content, and
My main arguments for having this feature (in one form or another) in
the browser is:
- It is future proof. Changes to browsers (for example adding
expression support to css) will never again require
Rantalainen
Sent: Wednesday, June 18, 2008 9:20 AM
To: whatwg@lists.whatwg.org
Subject: Re: [whatwg] Sandboxing to accommodate user generated content.
Frode Børli wrote:
I have been reading up on past discussions on sandboxing content, and
My main arguments for having this feature (in one form or another
On Tue, 17 Jun 2008 06:09:55 +0200, Frode Børli [EMAIL PROTECTED] wrote:
Hi! I am a new member of this mailing list, and I wish to contribute
with a couple of specific requirements that I believe should be
discussed and
perhaps implemented in the final specification. I am unsure if this is
I have been reading up on past discussions on sandboxing content, and
I feel that it is generally agreed on that there should be some
mechanism for marking content as user generated. The discussion
mainly appears to be focused on implementation. Please read my
implementation notes at the end of
Borli
Sent: Tuesday, June 17, 2008 3:05 PM
To: whatwg@lists.whatwg.org
Subject: Re: [whatwg] Sandboxing to accommodate user generated content.
I have been reading up on past discussions on sandboxing content, and
I feel that it is generally agreed on that there should be some
mechanism for marking
Hello,
I'm new to the list and have joined in response to this discussion on
html security changes.
I have been reading up on past discussions on sandboxing content, and I feel
that it is generally agreed on that there should be some mechanism for
marking content as user
generated. The
I've also been having side discussions with a few people regarding the
ability for a website owner to mark sections as data rather than code
(where everything lies now).
Your htmlarea tag idea is a good one (maybe change the tag to data
just a nitpick) however you don't address the use case
1. Please elaborate how an extension of CSS would require a sanitizer
update.
In the year 1998: A sanitizer algorithm works perfectly for all
existing methods of adding scripts. It uses a white list, which allows
only certain tags and attributes. Among the allowed attributes is
colspan,
Frode Børli wrote:
I have been reading up on past discussions on sandboxing content, and
I feel that it is generally agreed on that there should be some
mechanism for marking content as user generated. The discussion
mainly appears to be focused on implementation. Please read my
implementation
Of Frode Borli
Sent: Tuesday, June 17, 2008 8:34 PM
To: Kristof Zelechovski
Cc: whatwg@lists.whatwg.org
Subject: Re: [whatwg] Sandboxing to accommodate user generated content.
1. Please elaborate how an extension of CSS would require a sanitizer
update.
In the year 1998: A sanitizer algorithm works
I have been reading up on past discussions on sandboxing content, and
I feel that it is generally agreed on that there should be some
mechanism for marking content as user generated. The discussion
mainly appears to be focused on implementation. Please read my
implementation notes at the end
of them request the same data file.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frode Borli
Sent: Wednesday, June 18, 2008 12:12 AM
To: Lachlan Hunt
Cc: whatwg@lists.whatwg.org
Subject: Re: [whatwg] Sandboxing to accommodate user generated content.
I
Hi! I am a new member of this mailing list, and I wish to contribute with a
couple of specific requirements that I believe should be discussed and
perhaps implemented in the final specification. I am unsure if this is the
correct place to post my ideas (or if my ideas are even new), but if it is
Hi! I am a new member of this mailing list, and I wish to contribute with a
couple of specific requirements that I believe should be discussed and
perhaps implemented in the final specification. I am unsure if this is the
correct place to post my ideas (or if my ideas are even new), but if it is
15 matches
Mail list logo