Hi Louis,
Glad to hear this. Almost exactly same concept was raised very early in the 0.9 process by us at Yahoo. In stead of calling it “html-sanitize”, we called it “html-simple”. This is not necessarily only for proxied content though. In line content should also support this.
At that time, only us required this feature and we didn’t hear much echos. As a result it was pulled off temporally from the spec.
You have my +1 to put this back into 0.9 spec especially considering the implementation is already in the Shindig.
-Charlie
+1.
Because this is a significant security constraint it does make sense to place it in the initial release.
The concern here seems to be based on whether or not a given container supports sanitized Home/Profile views. If this is the case, can’t the developer use manifests handle presenting the gadget for Ning and then present another bit of markup for Orkut?
My assumption is that, as a developer gets to the point where they target multiple containers, they have built up the expertise to write a script that properly assembles a gadget.xml based on the types of views/containers they support.
Finally—are we in agreement that this particular item is not a CORE feature, it is an extension?
Technically, it isn’t in 0.9. It’s outside, right?
I am for <Content type=”x-html-sanitized”…
This enables overloading view definition with different types.
I'm fine with it being an extension in 0.9. Lanes suggestion to use <Content type=html-sanitized is interesting but I think per-view features is probably the right direction to go, its something we've needed for a while anyway