[Bug 10523] Scripting disabled check should happen after setting 'already started' from bugzilla@jessica.w3.org on 2010-09-25 (public-html-bugzilla@w3.org from September 2010)

From: <bugzilla@jessica.w3.org>
Date: Sat, 25 Sep 2010 19:59:43 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1OzauN-0001wa-8i@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=10523





--- Comment #3 from contributor@whatwg.org  2010-09-25 19:59:42 ---
Checked in as WHATWG revision r5499.
Check-in comment: Make policy checks for <script> happen after the flag is set
that prevents the script from being run again, so that if somehow an attacker
causes a document to be reinserted somewhere that has scripts enabled, the
scripts still won't run.
http://html5.org/tools/web-apps-tracker?from=5498&to=5499

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Saturday, 25 September 2010 19:59:44 UTC