Rob Sayre's Mozilla Blog

I’ve just opened a tracking bug that covers various enhancements to our content handling features. One big complaint we get from extension and web authors is that DOMParser does not handle HTML content. This is a valid complaint, but the default behavior of the component should be very conservative, so that authors don’t include content like <object> in their own pages unless they really mean to. That means we will default to the white list we use for feed content, but make it configurable as well. Side effects of this effort will include a sanitizing CSS parser and exhaustive unit tests for the HTML parser, the CSS parser, and the XML parser. What’s not to like?