On Jan 12, 2007, at 10:30 PM, James M Snell wrote:


Anne van Kesteren wrote:
[snip]

Frames are a terrible solution. The content is after all a part of the
page it's hosted in, but we want to sandbox it to make sure it can't
do any harm.

The proposed alternative is severely underdefined and won't work for the
foreseeable future anyway.
[snip]

Minor nit:

  s/proposed alternative/simple strawman to illustrate the point/

I just want the behavior or something that comes close without
necessarily having to resort to aggressive filtering. That is, I don't
necessarily want to eliminate scripts from the comments, I just want to
be able to limit their impact.

Either way, I'm fully aware that any new invention here would take a
while to actually work.

- James

Please provide a real use case. I second Anne's point of comment sanitation. Can you give me one single use case when it is useful to use ECMAScript in a comment on a blog? Secondly, just as Bjoern states, a malicious script could easily position a new element on top of other elements. Or do you want to restrict that too? I cannot see what CSS has to do with it, since it is not a style issue, but a DOM access behavior issue.

-- Jorgen
