> > I assume safely tweakable themes require some sort of guarantee that > > there is at least a minimum level of correspondence between the CSS and > > the XHTML. The current mechanism of linking to a style sheet provides > > no guarantees on the CSS content of that style sheet; indeed, the style > > sheet may not even contain valid CSS. Of course Ur/Web supports > > theming, but I don't think it currently supports safe theming. Control > > of CSS class attributes via style helps but leaves too much > > underspecified to be safe (in my opinion). > > If it's "safety" you're concerned with, I believe that can be achieved > just by limiting which URLs may be included in CSS.
That should work for "safety" as "safety against malicious input". I was more thinking about "safety" as "safety against programmer oversight", to provide some level of themes that "don't go wrong". For example, a way to guarantee that both the CSS and XHTML agree on a three column layout, or that there should be an element bearing a logo in the top corner. > There are other > properties within valid CSS that could cause annoying behavior, but I > don't see that as being an issue for allowing someone to theme his blog > or CMS. I agree that broken columns or strange fonts are annoying rather than dangerous. _______________________________________________ Ur mailing list [email protected] http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
