Re: [csswg-drafts] [selectors][css-values] Hide "sensitive" attributes from CSS (#5136)

> Such an allowlist could even be arbitrarily extended by application developers via a JavaScript API

Please take into consideration cases where there is no javascript enabled. Perhaps a declarative definition in the `<head>` element which is far less likely to contain XSS than the `<body>` ?

GitHub Notification of comment by mildred
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Monday, 14 December 2020 14:47:13 UTC