This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Now: When allowing harmless-seeming elements like img, it is important to whitelist any provided attributes as well. Suggestion: When allowing harmless-seeming elements like img, it is important to whitelist only the necessary attributes (that are needed for this specific demand). Comment: provided ist an expression that can be used in any way. In this case, it could be misunderstood (maybe not only by non native english speakers). The point should be that only safe attributes should be whitelisted.
HTML5.1 Bugzilla Bug Triage: fixed per suggestion. https://github.com/w3c/html/pull/252 If this resolution is not satisfactory, please copy the relevant bug details/proposal into a new issue at the W3C HTML5 Issue tracker: https://github.com/w3c/html/issues/new where it will be re-triaged. Thanks!