Include additional reasoning for all elements not allowed in the default config

[mozfreddyb]

I'll do a follow-up for #351.

Right now, I have a very long definition list that states every element that is not allowed in the default config with a long sentence (e.g., "this element is not allowed because ...").

This becomes hard to read, build, review and maintain for various reasons:

• Long repeated text is hard to scan and skim
• The spec builds on an allow list. A separate disallow-list in prose text essentially increases the burden to maintain two split lists that are disjunct
• There's no good way to maintain that the two lists added together are indeed the list of all known elements
• The definition list does not do proper justice to the attributes that we allow only on some elements.

I will try and build a table of all HTML elements based and go through those instead.

[mozfreddyb]

I will try and build a table of all HTML elements based and go through those instead.

The list in https://html.spec.whatwg.org/#elements-3 is somewhat complete.

Question for the group, should I include stuff that is non-conforming but still implemented in browsers, like e.g. <plaintext>?
I could write text that we don't allow <plaintext> in the default config because it basically breaks the page, but I could also wirte a footnote that we don't allow any of the non-conforming elements?

[evilpie]

I would be fine with saying that all non-conforming elements are automatically disallowed by default.

[annevk]

It might also be worth thinking about how we want to integrate this into HTML eventually. Should this be as a separate table/list or should it be part of each element definition? The latter makes it less likely we'll forget about it for new elements.

[mozfreddyb]

I may have mentioned this in the past that I would really value a notion of whether an element / attribute is "safe for untrusted content" (= allowed by default) that we use throughout the HTML standard. Curious to hear what @zcorpan thinks of this.