- From: Simon Sapin via GitHub <sysbot+gh@w3.org>
- Date: Tue, 10 Jul 2018 05:27:50 +0000
- To: public-css-archive@w3.org
To be clear my mentioning control characters was an attempt to show how arbitrary an heuristic it is to look for U+0000 *or* some other set of code points, not an actual proposal. I think that the CSS tokenizer is the wrong layer to fix this. If the concern is for example with `file:///C:/Users/me/Downloads/evil.html` requesting `file:///C:/Users/Me/AppData/GoogleChrome/passwords.sqlite`, wouldn’t a heuristic based on URLs be better? For example going "up" a directory, or going through a directory that the OS considers hidden. -- GitHub Notification of comment by SimonSapin Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/2757#issuecomment-403704664 using your GitHub account
Received on Tuesday, 10 July 2018 05:28:21 UTC