- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 16 Dec 2011 20:55:48 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec In directory hutz:/tmp/cvs-serv24686 Modified Files: Overview.html Log Message: Fix some typos or copypasta. (whatwg r6877) Index: Overview.html =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.5476 retrieving revision 1.5477 diff -u -d -r1.5476 -r1.5477 --- Overview.html 16 Dec 2011 20:53:45 -0000 1.5476 +++ Overview.html 16 Dec 2011 20:55:42 -0000 1.5477 @@ -1802,14 +1802,16 @@ <li>When allowing URLs to be provided (e.g. for links), the scheme of each URL also needs to be explicitly whitelisted, as there are many schemes that can be abused. The most prominent - example is "<code agents="" but="" can="" have="" historically="" implement="" implemented="" indeed="" others="" title="javascript:</code>" user=""> + example is "<code title="javascript-protocol">javascript:</code>", but user agents + can implement (and indeed, have historically implemented) + others.</li> <li>Allowing a <code><a href="#the-base-element">base</a></code> element to be inserted means any <code><a href="#the-script-element">script</a></code> elements in the page with relative links can be hijacked, and similarly that any form submissions can get redirected to a hostile site.</li> - </code></ul></dd> + </ul></dd> <dt>Cross-site request forgery (CSRF)</dt>
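Review bot: In the added line 'example is "<code title="javascript-protocol">javascript:</code>", but user agents', the title="javascript-protocol" cross-reference key yields no link in the generated output, unlike the <code><a href="#the-base-element">base</a></code> and script references in the unchanged context just below it. Please confirm that a definition exists for that key, or drop the title attribute if the scheme name is meant to stay unlinked. The removed line, together with the stray </code> removed before </ul>, shows that the earlier <code> element swallowed the sentence into attribute names and stayed open across the following list item about the base element. A markup validation pass on Overview.html before commit would catch that class of error, and the log message could say that broken markup was repaired rather than only "typos or copypasta".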
Received on Friday, 16 December 2011 20:57:50 UTC