Open Bug 1693906 Opened 4 years ago Updated 4 years ago

Add telemetry to discover usage of <plaintext>

Categories

(Core :: DOM: Core & HTML, task, P5)

Product:
Core
Component:
DOM: Core & HTML
Type:
task

Tracking

()

People

(Reporter: jkt, Unassigned)

Details

<plaintext> can be used to abuse in certain cases text that's not observable in a context that it shouldn't be visible to. (I don't have great concrete examples but have seen it abused).

For example code injected in a document write can be escaped and picked up by a script executing before it when it previously couldn't.

Aka:
<script>detection code document.write('<plaintext>')</script><stuff that isn't visible to the script until after insertion>

This means scripts that remove themselves for example are then visible perhaps unexpectedly. Also the tag is a footgun for almost all use-cases and has been deprecated since HTML 2.

It would be nice to treat this element always as a <pre> and remove special parsing behaviours.

I'm not sure I understand. How does this relate to feed readers? Also, if this is a request to change the HTML parser that really should go through standardization first, I think.

I guess this bug is only about telemetry, but I don't understand the feed reader part.

Severity: -- → N/A
Flags: needinfo?(jonathan)
Priority: -- → P5
Flags: needinfo?(jonathan)
Summary: Add telemetry to discover usage of feed reader preview <plaintext> → Add telemetry to discover usage of <plaintext>

I'm not sure I understand. How does this relate to feed readers?

Me neither 🤦 I think it was a paste issue perhaps hah.

Also, if this is a request to change the HTML parser that really should go through standardization first, I think.

I think it's worth gathering telemetry before considering standards changes etc.

You need to log in before you can comment on or make changes to this bug.