Re: [xsl] HTML5 semantics and XSLT

Hi again Liam,

Okay so now I am rereading your post and my followup and saying to myself, oh,
shouldn't we actually be using the markup to make sure stuff is properly
sandboxed ...?

(*ding*!)

Is that what you were getting at? It doesn't entirely relieve my concern but
it helps to address it, for sure.

Thanks, Wendell

-----Original Message-----
From: Liam R. E. Quin liam@xxxxxxxxxxxxxxxx
<xsl-list-service@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, February 23, 2022 2:04 PM
To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [xsl] HTML5 semantics and XSLT

On Wed, 2022-02-23 at 18:37 +0000, Piez, Wendell A. (Fed)
wendell.piez@xxxxxxxx wrote:
> Hi again,
>
> To Mike's question "And presumably any harm that can be done using
> this exploit could equally be done by executing untrusted HTML in the
> browser directly?"
>
> Indeed it could.

This is why there are sandbox facilities in HTML, in which you can say,
"beneath this element, no scripting is allowed and any additional CSS rules
will be ignored". The mechanism gives separate control over script, style,
iframe.

Liam

--
Liam
Quin, https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.d
elightfulcomputing.com%2F&amp;data=04%7C01%7Cwendell.piez%40nist.gov%7C255d88
2a750841387f1e08d9f6ff765f%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C63781
2399339023109%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJ
BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=UffR32GXJ9ySAnuMKExMRlO9kHY4namI
2E64tm1PD5Q%3D&amp;reserved=0
Available for XML/Document/Information Architecture/XSLT/ XSL/XQuery/Web/Text
Processing/A11Y training, work & consulting.
Barefoot Web-slave, antique illustrations:
 https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fromold
books.org%2F&amp;data=04%7C01%7Cwendell.piez%40nist.gov%7C255d882a750841387f1
e08d9f6ff765f%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637812399339023109
%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwi
LCJXVCI6Mn0%3D%7C3000&amp;sdata=G5asHa3Ro1ObwKWTUVkP5z7PkFUomb%2B71Z9fKlZ%2BB
mI%3D&amp;reserved=0

Current Thread
Re: [xsl] HTML5 semantics and XSLT, (continued) Piez, Wendell A. (Fed) wendell.piez@xxxxxxxx - 23 Feb 2022 18:30:40 -0000 Piez, Wendell A. (Fed) wendell.piez@xxxxxxxx - 23 Feb 2022 18:36:09 -0000 Liam R. E. Quin liam@xxxxxxxxxxxxxxxx - 23 Feb 2022 19:03:28 -0000 Piez, Wendell A. (Fed) wendell.piez@xxxxxxxx - 23 Feb 2022 19:33:52 -0000 Piez, Wendell A. (Fed) wendell.piez@xxxxxxxx - 23 Feb 2022 19:42:52 -0000 <= Liam R. E. Quin liam@xxxxxxxxxxxxxxxx - 24 Feb 2022 00:55:32 -0000 Norm Tovey-Walsh ndw@xxxxxxxxxx - 23 Feb 2022 16:51:19 -0000 David Carlisle d.p.carlisle@xxxxxxxxx - 23 Feb 2022 17:00:36 -0000 David Carlisle d.p.carlisle@xxxxxxxxx - 23 Feb 2022 17:10:56 -0000

Current Thread

Re: [xsl] HTML5 semantics and XSLT, (continued)
- Norm Tovey-Walsh ndw@xxxxxxxxxx - 23 Feb 2022 16:51:19 -0000
- David Carlisle d.p.carlisle@xxxxxxxxx - 23 Feb 2022 17:00:36 -0000
- David Carlisle d.p.carlisle@xxxxxxxxx - 23 Feb 2022 17:10:56 -0000

<- Previous	Index	Next ->
Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fe	Thread	Re: [xsl] HTML5 semantics and XSLT, Liam R. E. Quin liam
Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fe	Date	Re: [xsl] HTML5 semantics and XSLT, Liam R. E. Quin liam
	Month

<-prev [Thread] next->	<-prev [Date] next->
Month Index \| List Home