
Blank blocked-uris

From: Neil Matatall <neilm@twitter.com>
Date: Tue, 5 Feb 2013 07:40:57 -0800
Message-ID: <CAOFLtbg5NBQpJB3EbxNX8RE2rtBQw4FDs_78B1BZ1j8P+yV=9w@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

Hello all,

I was taking a look at our reports and noticed a significant number of
reports without a blocked-uri value. We tracked it down to two
(possibly more) culprits:

data: URIs in images
javascript: URIs in hrefs

I think the protocol would be enough information in this case.
Received on Tuesday, 5 February 2013 15:41:25 GMT
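
An added example, not part of the original message: a report-side triage that counts how many CSP violation reports arrive with a blank blocked-uri and which directive they fall under, and that reduces non-blank values to a bare scheme or an origin. The sample bodies are constructed, the function names are hypothetical, and grouping by directive name is an assumed heuristic for sizing the problem the message describes.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample bodies in the {"csp-report": {...}} JSON shape browsers POST.
SAMPLE_REPORTS = [
    '{"csp-report": {"document-uri": "https://example.test/a", "blocked-uri": "",'
    ' "violated-directive": "img-src https://example.test"}}',
    '{"csp-report": {"document-uri": "https://example.test/a",'
    ' "violated-directive": "script-src https://example.test"}}',
    '{"csp-report": {"document-uri": "https://example.test/b", "blocked-uri": "data",'
    ' "violated-directive": "img-src https://example.test"}}',
    '{"csp-report": {"document-uri": "https://example.test/b",'
    ' "blocked-uri": "https://cdn.example.test/x.js?id=1",'
    ' "violated-directive": "script-src https://example.test"}}',
    'not json',
]

def blocked_kind(value):
    """Reduce a blocked-uri to 'blank', a bare scheme, or an origin."""
    value = str(value or "").strip()
    if not value:
        return "blank"
    parts = urlsplit(value)
    if parts.scheme and parts.netloc:
        # Hierarchical URL: keep only the origin, drop path and query.
        return f"{parts.scheme}://{parts.netloc}"
    # Scheme-only forms ("data", "data:") or a full data:/javascript: URI.
    return (parts.scheme or value.rstrip(":")).lower()

def triage(bodies):
    """Count (directive name, blocked kind) pairs; malformed bodies are tallied, not raised."""
    counts = Counter()
    for body in bodies:
        try:
            report = json.loads(body)["csp-report"]
            directive = report["violated-directive"].split()[0]
        except (ValueError, KeyError, TypeError, IndexError, AttributeError):
            counts[("malformed", "-")] += 1
            continue
        counts[(directive, blocked_kind(report.get("blocked-uri")))] += 1
    return counts

if __name__ == "__main__":
    for (directive, kind), n in sorted(triage(SAMPLE_REPORTS).items()):
        print(f"{directive:12} {kind:28} {n}")
```

A large blank count under img-src is where blocked data: images would show up; a report that carried only the scheme would land in the `data` row instead.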
