- From: <bugzilla@jessica.w3.org>
- Date: Mon, 06 Oct 2014 09:49:33 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26982
Bug ID: 26982
Summary: 1.9.1 , list before CSRF, first item
Product: HTML WG
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: HTML5 spec
Assignee: dave.null@w3.org
Reporter: stefan@duckflight.de
QA Contact: public-html-bugzilla@w3.org
CC: mike@w3.org, public-html-admin@w3.org,
public-html-wg-issue-tracking@w3.org
Now:
When allowing harmless-seeming elements like img, it is important to whitelist
any provided attributes as well.
Suggestion:
When allowing harmless-seeming elements like img, it is important to whitelist
only the necessary attributes (that are needed for this specific demand).
Comment:
"provided" is an expression that can be used in any way. In this case, it could
be misunderstood (maybe not only by non-native English speakers). The point
should be that only safe attributes should be whitelisted.
Received on Monday, 6 October 2014 09:49:34 UTC