[Ur] A direction for Ur/Web
Karn Kallio
tierpluspluslists at gmail.com
Sun Mar 27 15:33:35 EDT 2011
> > I assume safely tweakable themes require some sort of guarantee that
> > there is at least a minimum level of correspondence between the CSS and
> > the XHTML. The current mechanism of linking to a style sheet provides
> > no guarantees on the CSS content of that style sheet; indeed, the style
> > sheet may not even contain valid CSS. Of course Ur/Web supports
> > theming, but I don't think it currently supports safe theming. Control
> > of CSS class attributes via style helps but leaves too much
> > underspecified to be safe (in my opinion).
>
> If it's "safety" you're concerned with, I believe that can be achieved
> just by limiting which URLs may be included in CSS.
That should work for "safety" as "safety against malicious input". I was more
thinking about "safety" as "safety against programmer oversight", to provide
some level of themes that "don't go wrong". For example, a way to guarantee
that both the CSS and XHTML agree on a three column layout, or that there
should be an element bearing a logo in the top corner.
> There are other
> properties within valid CSS that could cause annoying behavior, but I
> don't see that as being an issue for allowing someone to theme his blog
> or CMS.
I agree that broken columns or strange fonts are annoying rather than
dangerous.
More information about the Ur
mailing list