- From: t-tera <notifications@github.com>
- Date: Wed, 16 Dec 2015 08:10:09 -0800
- To: whatwg/encoding <encoding@noreply.github.com>
Received on Wednesday, 16 December 2015 16:10:37 UTC
One concern is that some browsers (IE, Chrome, Safari) ignore 0x1A in certain contexts. <a href="[0x1A]javascript:alert(document.domain)">link</a> When clicking the link, a popup shows up as 0x1A (and other control-chars, to be exact) is ignored. Shouldn't we be worried about this sort of attack? --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/encoding/issues/15#issuecomment-165158165
Received on Wednesday, 16 December 2015 16:10:37 UTC