> Every attack relies on [`<url>`](https://drafts.csswg.org/css-values/#urls). Can all other uses of `attr()` be considered safe and therefore need no restriction at all? Not true, as I linked in an earlier comment: <https://github.com/w3c/csswg-drafts/issues/5092#issuecomment-636452209> -- GitHub Notification of comment by tabatkins Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5136#issuecomment-639599270 using your GitHub accountReceived on Friday, 5 June 2020 16:07:17 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:27:12 UTC