- From: Andrew Fedoniouk <news@terrainformatica.com>
- Date: Wed, 4 Apr 2007 13:00:53 -0700
- To: "fantasai" <fantasai.lists@inkedblade.net>, <www-style@w3.org>
----- Original Message ----- From: "fantasai" <fantasai.lists@inkedblade.net> To: <www-style@w3.org> Sent: Wednesday, April 04, 2007 1:22 PM Subject: [becss] security notice | | The BeCSS draft should note somewhere that the 'binding' | property can introduce scripting and, unlike other CSS | properties, may need to be stripped out of user-submitted | content on sites like LiveJournal and weblogs. | | ~fantasai | In principle 'binding', 'behavio[u]r' and the like attributes shall not have url/url/iri values - just id's. In any case binding is technology dependent - not all resources can be presented as URL's now. As an example, css: li.myclass { binding: MyButton; } and in script (global namespace): var MyButton = { onmousedown: function() {...} onmouseup: function() {...} } here binding point defines one 'class' from many in some script file. The same can be applied to XBL and other similar technologies. And more: ideally CSS should also allow import of scripts and other resources: @media screen { @import-resource application/javascript "./my-componentes.js" } This way single CSS file may be used for styling presentation and behavior allowing HTML be used for semantic purposes only. Andrew Fedoniouk. http://terrainformatica.com
Received on Wednesday, 4 April 2007 19:59:50 UTC