W3C home > Mailing lists > Public > public-css-archive@w3.org > December 2020

Re: [csswg-drafts] [selectors][css-values] Hide "sensitive" attributes from CSS (#5136)

From: Mildred Ki'Lya via GitHub <sysbot+gh@w3.org>
Date: Mon, 14 Dec 2020 14:47:11 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-744489027-1607957230-sysbot+gh@w3.org>
> Such an allowlist could even be arbitrarily extended by application developers via a JavaScript API

Please take into consideration cases where there is no javascript enabled. Perhaps a declarative definition in the `<head>` element which is far less likely to contain XSS than the `<body>` ?

-- 
GitHub Notification of comment by mildred
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5136#issuecomment-744489027 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 14 December 2020 14:47:13 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:24 UTC