Aryeh Gregor <> changed:

           What    |Removed                     |Added
                 CC|                            |Simetrical+wikibugs@gmail.c
                   |                            |om

--- Comment #22 from Aryeh Gregor <> 2011-02-21 
23:46:25 UTC ---
Although maybe we should define a subset of SVG using our own DTD, excluding
script elements and attributes, and test for validity using that DTD.  That
would be a very easy way to do whitelist-based security, which makes me feel
happier than the current blacklist-based approach.  Are we really sure that all
JS-activating attributes start with "on", and that no element will allow script
if it's not named "script"?  (But that's a separate issue.)

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

Wikibugs-l mailing list

Reply via email to