
Re: CSP & data URIs

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 10 Jan 2013 10:02:12 -0500
Message-ID: <50EED7F4.3020006@mit.edu>
To: public-webappsec@w3.org
On 1/10/13 9:44 AM, Yoav Weiss wrote:
> It seems that at least in some browsers, img data URIs are XSS
> exploitable[1][2].

Uh.... no.  They're not.  What made you think they are, exactly?  The 
links you point to certainly say nothing of the sort.

-Boris
Received on Thursday, 10 January 2013 15:02:55 GMT
