5 June 2014 TC39 Meeting Notes

Mark S. Miller erights at google.com
Fri Jun 13 10:07:04 PDT 2014

Thanks, and thanks to Hixie for that playground.

I can't see us adopting parsing rules for a new tag that results in
different structure for the rest of the page on old vs new browsers.
Otherwise we just invite a whole new category of injection attacks.

On Fri, Jun 13, 2014 at 9:53 AM, Anne van Kesteren <annevk at annevk.nl> wrote:

> On Fri, Jun 13, 2014 at 6:45 PM, Mark S. Miller <erights at google.com>
> wrote:
> > Hi Anne, I didn't understand the answer. When an old browser that knows
> > nothing of <module> specifically sees "<table><module></table>", does it
> > consider the <module> to be closed when it sees the </table> ? This also
> > raises the question: Does such an old browser consider the <table> to be
> > closed by this occurrence of </table>?
>
> Yes and yes. I recommend playing with
> http://software.hixie.ch/utilities/js/live-dom-viewer/ if you do not
> want to read the algorithm in the specification. The tree it generates
> might surprise you. Be sure to switch out <module> with <script> for
> differences ;-)
> --
> http://annevankesteren.nl/
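
The divergence discussed in this thread, as an added example that is not part of the original messages: a deliberately simplified tokenizer (not the HTML specification's algorithm, and it does not model table foster-parenting) run over the same bytes with and without a raw-text rule for `<module>`. The function names, the sample string, and the "new browser" rule are assumptions made for illustration.

```javascript
// Simplified model: elements in rawTextTags swallow everything up to their
// end tag as text (as <script> does); every other tag is ordinary markup.
function tokenize(html, rawTextTags) {
  const tokens = [];
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*>/y; // sticky: match only at lastIndex
  let i = 0;
  let text = "";
  const flush = () => {
    if (text) { tokens.push({ type: "text", data: text }); text = ""; }
  };
  while (i < html.length) {
    tagRe.lastIndex = i;
    const m = html[i] === "<" ? tagRe.exec(html) : null;
    if (!m) { text += html[i++]; continue; }
    flush();
    const name = m[2].toLowerCase();
    tokens.push({ type: m[1] ? "end" : "start", name });
    i = tagRe.lastIndex;
    if (!m[1] && rawTextTags.has(name)) {
      // Raw-text mode: nothing is markup until the matching end tag.
      const close = html.toLowerCase().indexOf("</" + name, i);
      const end = close === -1 ? html.length : close;
      if (end > i) tokens.push({ type: "text", data: html.slice(i, end) });
      i = end;
    }
  }
  flush();
  return tokens;
}

// Element names a parser would create from the input.
function elementsSeen(html, rawTextTags) {
  return tokenize(html, rawTextTags)
    .filter((t) => t.type === "start")
    .map((t) => t.name);
}

// Constructed sample: module source containing a string that looks like markup.
const SAMPLE = '<module>const label = "<b>total</b>";</module><p>after</p>';
const OLD_BROWSER = new Set(["script"]);           // <module> is an unknown element
const NEW_BROWSER = new Set(["script", "module"]); // hypothetical raw-text rule

console.log("old:", elementsSeen(SAMPLE, OLD_BROWSER)); // the <b> becomes an element
console.log("new:", elementsSeen(SAMPLE, NEW_BROWSER)); // the <b> stays inside text
```

A sanitizer or template author reasoning with one rule set will mispredict the tree the other produces, which is why content that is inert under one parser can be live markup under the other.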
