On 4/23/14, 8:53 PM, Brian Anderson wrote:
We're assuming nobody is going to be attacking Rust symbols though
Oh, right, that's the other worry.
We've had security issues in the past due to things like <input
type="fİle"> being treated as a file input by some parts of the system
but not others. So anything that allows collisions between
user-provided things and built-in atoms for attribute names and values
is bad.
On the bright side, it may be possible to enforce that all built-in
atoms are under the 16 char limit and hence not susceptible to collisions.
-Boris
_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo