design context-aware bindings

[rafaelw]

which property escape binding content based on the type of the attribute content

[ajklein]

Given our current binding model (text nodes and attribute values), are there any cases we need to worry about besides URLs?

Within an URL, we should probably validate schemes, if there's a placeholder at the start (no "javascript:", for example). But after that it's not obvious to me what we can do automatically, unless we restrict how placeholders work in URL attribute bindings. That is, in <img src="http://www{{ foo }}/bar/baz.jpg">, it's not clear what restrictions we would want to put on {{foo}}, if any. But perhaps we could do something smart with <a href="http://www.site.com/foo/bar?baz={{ foo }}">.

Okay, I think it's not really about putting "restrictions", it's just that we can only do special handling if we can parse the leading parts of the URL.