Re: [csswg-drafts] [css-syntax] Consider disallowing NULL code points in stylesheets

(Since my earlier comment wasn't clear: I support the original proposal. `file:` documents requesting `file:` resources leads to the potential of data exfiltration along the lines of what Tab suggested. We've seen exactly that attack in the vaguely recent past, and hardening the CSS parser to crash and burn on `\0` seems quite reasonable to me. I'd be equally happy to follow @SimonSapin's suggestion of widening the ban to a larger set of control characters. :) )

-- 
GitHub Notification of comment by mikewest
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/2757#issuecomment-403702067 using your GitHub account

Received on Tuesday, 10 July 2018 05:09:44 UTC