Subject: Re: [xsl] HTML5 semantics and XSLT From: "Piez, Wendell A. (Fed) wendell.piez@xxxxxxxx" <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> Date: Wed, 23 Feb 2022 19:42:52 -0000 |
Hi again Liam, Okay so now I am rereading your post and my followup and saying to myself, oh, shouldn't we actually be using the markup to make sure stuff is properly sandboxed ...? (*ding*!) Is that what you were getting at? It doesn't entirely relieve my concern but it helps to address it, for sure. Thanks, Wendell -----Original Message----- From: Liam R. E. Quin liam@xxxxxxxxxxxxxxxx <xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx> Sent: Wednesday, February 23, 2022 2:04 PM To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx Subject: Re: [xsl] HTML5 semantics and XSLT On Wed, 2022-02-23 at 18:37 +0000, Piez, Wendell A. (Fed) wendell.piez@xxxxxxxx wrote: > Hi again, > > To Mike's question "And presumably any harm that can be done using > this exploit could equally be done by executing untrusted HTML in the > browser directly?" > > Indeed it could. This is why there are sandbox facilities in HTML, in which you can say, "beneath this element, no scripting is allowed and any additional CSS rules will be ignored". The mechanism gives separate control over script, style, iframe. Liam -- Liam Quin, https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.d elightfulcomputing.com%2F&data=04%7C01%7Cwendell.piez%40nist.gov%7C255d88 2a750841387f1e08d9f6ff765f%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C63781 2399339023109%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJ BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=UffR32GXJ9ySAnuMKExMRlO9kHY4namI 2E64tm1PD5Q%3D&reserved=0 Available for XML/Document/Information Architecture/XSLT/ XSL/XQuery/Web/Text Processing/A11Y training, work & consulting. Barefoot Web-slave, antique illustrations: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fromold books.org%2F&data=04%7C01%7Cwendell.piez%40nist.gov%7C255d882a750841387f1 e08d9f6ff765f%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637812399339023109 %7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwi LCJXVCI6Mn0%3D%7C3000&sdata=G5asHa3Ro1ObwKWTUVkP5z7PkFUomb%2B71Z9fKlZ%2BB mI%3D&reserved=0
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fe | Thread | Re: [xsl] HTML5 semantics and XSLT, Liam R. E. Quin liam |
Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fe | Date | Re: [xsl] HTML5 semantics and XSLT, Liam R. E. Quin liam |
Month |