xsl-list
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [xsl] HTML5 semantics and XSLT

2022-02-23 13:42:56
from [Piez, Wendell A. (Fed) wendell(_dot_)piez(_at_)nist(_dot_)gov] [Permanent Link] 
Hi again Liam,

Okay so now I am rereading your post and my followup and saying to myself, oh, 
shouldn't we actually be using the markup to make sure stuff is properly 
sandboxed ...?

(*ding*!)

Is that what you were getting at? It doesn't entirely relieve my concern but it 
helps to address it, for sure.

Thanks, Wendell

-----Original Message-----
From: Liam R. E. Quin liam(_at_)fromoldbooks(_dot_)org 
<xsl-list-service(_at_)lists(_dot_)mulberrytech(_dot_)com> 
Sent: Wednesday, February 23, 2022 2:04 PM
To: xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
Subject: Re: [xsl] HTML5 semantics and XSLT

On Wed, 2022-02-23 at 18:37 +0000, Piez, Wendell A. (Fed) 
wendell(_dot_)piez(_at_)nist(_dot_)gov wrote:

Hi again,

To Mike's question "And presumably any harm that can be done using 
this exploit could equally be done by executing untrusted HTML in the 
browser directly?"

Indeed it could.


This is why there are sandbox facilities in HTML, in which you can say, 
"beneath this element, no scripting is allowed and any additional CSS rules 
will be ignored". The mechanism gives separate control over script, style, 
iframe.

Liam

--
Liam 
Quin, https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.delightfulcomputing.com%2F&amp;data=04%7C01%7Cwendell.piez%40nist.gov%7C255d882a750841387f1e08d9f6ff765f%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637812399339023109%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=UffR32GXJ9ySAnuMKExMRlO9kHY4namI2E64tm1PD5Q%3D&amp;reserved=0
Available for XML/Document/Information Architecture/XSLT/ XSL/XQuery/Web/Text 
Processing/A11Y training, work & consulting.
Barefoot Web-slave, antique illustrations: 
 https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fromoldbooks.org%2F&amp;data=04%7C01%7Cwendell.piez%40nist.gov%7C255d882a750841387f1e08d9f6ff765f%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637812399339023109%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=G5asHa3Ro1ObwKWTUVkP5z7PkFUomb%2B71Z9fKlZ%2BBmI%3D&amp;reserved=0
--~----------------------------------------------------------------
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
EasyUnsubscribe: http://lists.mulberrytech.com/unsub/xsl-list/1167547
or by email: xsl-list-unsub(_at_)lists(_dot_)mulberrytech(_dot_)com
--~--
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fed) wendell(_dot_)piez(_at_)nist(_dot_)gov
Next by Date:  Re: [xsl] HTML5 semantics and XSLT, Liam R. E. Quin liam(_at_)fromoldbooks(_dot_)org
Previous by Thread:  Re: [xsl] HTML5 semantics and XSLT, Piez, Wendell A. (Fed) wendell(_dot_)piez(_at_)nist(_dot_)gov
Next by Thread:  Re: [xsl] HTML5 semantics and XSLT, Liam R. E. Quin liam(_at_)fromoldbooks(_dot_)org
Indexes:  [Date] [Thread] [Top] [All Lists]