Hallvord,
Le 2 mai 2011 à 09:00, Hallvord R. M. Steen a écrit : >> I am not at all against your proposal but I tend to see two reasons >> "against" it: >> - I expect mostly the server to be providing the HTML, the javascript code >> does probably not need to process it further (they trust each other!) > > I don't really understand this comment. We're talking about HTML that comes > from the clipboard, not from the server. I think this is not at all contradictory. In many of the scenarios I have working for, the content to be put on the clipboard would come from a "luxury" knowledge structure on the server, one that has access to some semantic source and can infer useful representations out of it; these get put to the clipboard. An offline HTML would also be an example of it. Hence... I would not really need a DOM representation. (however, I wonder if a timer is going to be honoured for such a query to be finished somehow). >> - I suppose the security processing may be done under an optimized >> processing which is not really necessarily DOM-exposed > > Maybe, maybe not. To sanitise something that will be inserted into a DOM > structure, I would think the safest thing would be processing it according to > DOM algorithms while sanitising too. Sure. paul