On 12 Oct 2017, at 21:22, Dave Cridland <[email protected]> wrote:
> I hereby promise a concrete proposal on
> these - it ought to handle a few other cases too.

Ta, I think that’s needed for the discussion.

One issue here is that I think Sam’s argument is that it’s

1) too tempting, for whatever reason, when you have a chunk of HTML you want to render to dump it straight into .innerHTML or such without sanitisation
2) fundamentally impossible to put a sufficient amount of verbiage into XHTML-IM to mitigate this inclination
3) not acceptable that we have a spec that leads, through this temptation, to people injecting straight into the DOM

This leads me to wonder whether the replacement is going to go something like:

A) There’s a new spec that says *something* should render something in bold
B) Devs implement this by converting *something* into <b>something</b>
C) Devs now have a chunk of HTML that they want to render
D) See (1)
E) See (2)
F) See (3)

/K

_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
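
The A to F sequence in the message above, as an added example that is not part of the original post or of any XMPP specification: step B done as a bare string substitution, beside a version that parses the body into plain spans and escapes on output. All function names and the sample message body are hypothetical and constructed for illustration.

```javascript
// Added illustration; function names are hypothetical, not from any XMPP spec or client.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Step B as described: convert *something* into <b>something</b>.
// The rest of the message body passes through untouched, so any markup
// the sender typed survives into the string handed to .innerHTML.
function renderNaive(body) {
  return body.replace(/\*([^*\n]+)\*/g, "<b>$1</b>");
}

// Parse into plain data first: a list of { bold, text } spans.
// A client with a DOM can render each span with createElement("b")
// and textContent, never touching .innerHTML at all.
function parseSpans(body) {
  const spans = [];
  const re = /\*([^*\n]+)\*/g;
  let last = 0, m;
  while ((m = re.exec(body)) !== null) {
    if (m.index > last) spans.push({ bold: false, text: body.slice(last, m.index) });
    spans.push({ bold: true, text: m[1] });
    last = re.lastIndex;
  }
  if (last < body.length) spans.push({ bold: false, text: body.slice(last) });
  return spans;
}

// If a string of HTML is unavoidable, escape every span's text on output,
// so the only tags in the result are the ones this function wrote.
function renderSafe(body) {
  return parseSpans(body)
    .map((s) => (s.bold ? `<b>${escapeHtml(s.text)}</b>` : escapeHtml(s.text)))
    .join("");
}

// Constructed sample message body (not taken from the thread).
const sample = 'hi *there* <img src=x onerror="alert(1)">';
console.log(renderNaive(sample)); // sender's <img> tag survives intact
console.log(renderSafe(sample));  // only the <b> pair is live markup
```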
