- From: <bugzilla@wiggum.w3.org>
- Date: Tue, 26 Jan 2010 15:47:24 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=8818

Summary: Remove the srcdoc attribute
Product: HTML WG
Version: unspecified
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: HTML5 spec bugs
AssignedTo: dave.null@w3.org
ReportedBy: shelleyp@burningbird.net
QAContact: public-html-bugzilla@w3.org
CC: ian@hixie.ch, mike@w3.org, public-html@w3.org

This recent entry does not have universal acceptance, and the group was still discussing it when the editor added it to the specification.

The supposed use case for this attribute is weblog comments, but concerns about HTML security have been resolved with weblog and other application comments years ago. In addition, support for this attribute could give the impression that online sites don't need any other security, which is false. Script injection is only one aspect of security related to weblog comments, and considered a fairly trivial one at that.

This needs to be removed from the specification.

--
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Tuesday, 26 January 2010 15:47:25 UTC