Re: [csswg-drafts] [css-values-4] Switch advanced attr() to being var()-like (#4482) from Emilio Cobos Álvarez via GitHub on 2019-11-20 (public-css-archive@w3.org from November 2019)

From: Emilio Cobos Álvarez via GitHub <sysbot+gh@w3.org>
Date: Wed, 20 Nov 2019 00:58:10 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-555786214-1574211489-sysbot+gh@w3.org>

> Can you elaborate on this, @emilio?

I just meant that the interesting case in terms of the sanitization-bypass that I mentioned is when you're disallowing the style attribute and `<style>` elements (as otherwise it is pointless).

> Is this right? How bad is the sanitization issue?

I'm not the right person to evaluate that; @hsivonen maybe?

-- 
GitHub Notification of comment by emilio
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4482#issuecomment-555786214 using your GitHub account

Received on Wednesday, 20 November 2019 00:58:12 UTC