- From: Devdatta <dev.akhawe@gmail.com>
- Date: Sun, 6 Dec 2009 00:47:16 -0800
- To: "sird@rckc.at" <sird@rckc.at>
- Cc: Adam Barth <w3c@adambarth.com>, Maciej Stachowiak <mjs@apple.com>, Ian Hickson <ian@hixie.ch>, public-web-security@w3.org
> > And if developers start using the example that is given in the spec, then a > lot of people (devs often just follow documentation without thinking > twice) will miss the fact that attackers can inject a link instead of an > iframe. > +1 .. that example is really broken. cheers devdatta
Received on Sunday, 6 December 2009 08:48:08 UTC