Suggestion for HTML-security-extension “scriptaccess”

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Suggestion for HTML-security-extension “scriptaccess”

Michael Kleiser

Hello, I hope this is the right mailing-list for my mail and there is no similar suggestion mailed before.
My idea is to create an universal HTML-attribute to block cross-site-scripting –attacks for parts of a website, p. e. login-forms.

Like “httponly” for Cookies I want to have a possibility to limit the access by Javascript and other scripting-languages in the browser.

An attribute “scriptaccess” could have the values: “on”, “off”, and “read only”.
“on” would be the standard behavior, HTML-element s have nowadays and the default if “scriptaccess” is not used.

“off” would make the HTML-element invisible for Scripts.
And “read only” of course only readable for them.

“scriptaccess” should also affect child-nodes of the node with the attribute “scriptaccess”.
For child-nodes – of course – it should be possible to could change the behavior with an “scriptaccess”-attribute on it.