5 June 2014 TC39 Meeting Notes
Mark S. Miller
erights at google.com
Fri Jun 13 10:07:04 PDT 2014
Thanks, and thanks to Hixie for that playground.
I can't see us adopting parsing rules for a new tag that results in
different structure for the rest of the page on old vs new browsers.
Otherwise we just invite a whole new category of injection attacks.
On Fri, Jun 13, 2014 at 9:53 AM, Anne van Kesteren <annevk at annevk.nl> wrote:
> On Fri, Jun 13, 2014 at 6:45 PM, Mark S. Miller <erights at google.com>
> > Hi Anne, I didn't understand the answer. When an old browser that knows
> > nothing of <module> specifically sees "<table><module></table>", does it
> > consider the <module> to be closed when it sees the </table> ? This also
> > raises the question: Does such an old browser consider the <table> to be
> > closed by this occurrence of </table>?
> Yes and yes. I recommend playing with
> http://software.hixie.ch/utilities/js/live-dom-viewer/ if you do not
> want to read the algorithm in the specification. The tree it generates
> might surprise you. Be sure to switch out <module> with <script> for
> differences ;-)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss