Re: [csswg-drafts] [css-values] A way to dynamically construct custom-ident and dashed-ident values (#9141) from Tab Atkins Jr. via GitHub on 2024-04-12 (public-css-archive@w3.org from April 2024)

From: Tab Atkins Jr. via GitHub <sysbot+gh@w3.org>
Date: Fri, 12 Apr 2024 22:57:53 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-2052662506-1712962671-sysbot+gh@w3.org>

See #5092 for discussion on the security concerns, I just made some edits and posted a comment today.

(And no, I doubt data urls would be safe to allow, since you could then just inject the attr() value into a more active URL *inside the data url* and still exfiltrate the data.)

-- 
GitHub Notification of comment by tabatkins
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/9141#issuecomment-2052662506 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 12 April 2024 22:57:54 UTC