Monday, November 21, 2011

Securing the Web, appendix

*(requires id attribute)
<!-- -->
<script>* (only src attribute, no inline script)
<style>* (but only css @ directives allowed inside)

(no html comments, id attributes or inline event handlers)
<area >
<img> (restricted to #fragment refs)


(with src= attributes that can point to #fragments of ManifestML)
*(requires id attribute)
<form>* (restricted to #fragment refs)

<input type="button">
<input type="checkbox">
<input type="color">
<input type="date">
<input type="datetime">
<input type="datetime-local">
<input type="email">
<input type="file">
<input type="hidden">
<input type="image">
<input type="month">
<input type="number">
<input type="password">
<input type="radio">
<input type="range">
<input type="reset">
<input type="search">
<input type="submit">
<input type="tel">
<input type="text">
<input type="time">
<input type="url">
<input type="week">

