Subject: Re: [xsl] HTML5 semantics and XSLT From: "Liam R. E. Quin liam@xxxxxxxxxxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> Date: Wed, 23 Feb 2022 19:03:27 -0000 |
On Wed, 2022-02-23 at 18:37 +0000, Piez, Wendell A. (Fed) wendell.piez@xxxxxxxx wrote: > Hi again, > > To Mike's question "And presumably any harm that can be done using > this exploit could equally be done by executing untrusted HTML in the > browser directly?" > > Indeed it could. This is why there are sandbox facilities in HTML, in which you can say, "beneath this element, no scripting is allowed and any additional CSS rules will be ignored". The mechanism gives separate control over script, style, iframe. Liam -- Liam Quin,B https://www.delightfulcomputing.com/ Available for XML/Document/Information Architecture/XSLT/ XSL/XQuery/Web/Text Processing/A11Y training, work & consulting. Barefoot Web-slave, antique illustrations: B http://www.fromoldbooks.org
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fe | Thread | Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fe |
Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fe | Date | Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fe |
Month |