- From: <bugzilla@jessica.w3.org>
- Date: Mon, 06 Oct 2014 09:49:33 +0000
- To: public-html-admin@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26982

Bug ID: 26982
Summary: 1.9.1, list before CSRF, first item
Product: HTML WG
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: HTML5 spec
Assignee: dave.null@w3.org
Reporter: stefan@duckflight.de
QA Contact: public-html-bugzilla@w3.org
CC: mike@w3.org, public-html-admin@w3.org, public-html-wg-issue-tracking@w3.org

Now:
When allowing harmless-seeming elements like img, it is important to whitelist any provided attributes as well.

Suggestion:
When allowing harmless-seeming elements like img, it is important to whitelist only the necessary attributes (that are needed for this specific demand).

Comment:
"provided" is an expression that can be used in any way. In this case, it could be misunderstood (maybe not only by non-native English speakers). The point should be that only safe attributes should be whitelisted.

--
You are receiving this mail because:
You are on the CC list for the bug.

Received on Monday, 6 October 2014 09:49:35 UTC