- From: Eduardo Vela <sirdarckcat@gmail.com>
- Date: Tue, 8 Dec 2009 07:46:20 +0800
- To: Daniel Glazman <daniel@glazman.org>
- Cc: public-web-security@w3.org
Received on Monday, 7 December 2009 23:47:01 UTC
we=me+the people that asked.
and the example just demonstrate the fact that you can read atributes..
check the references for working examples ;)
if you (meaning Daniel) think it shouldnt be fixed I think it's ok (since so
many people implemented that silly idea of powerfull selectors..).. after
all.. I love hacking! I am waiting eagerly for the first real world attack
that exploits this feature.. and making XSS without javascript a reality.
greetings!
-- Sent from my cellphone.
On Dec 8, 2009 5:43 AM, "Daniel Glazman" <daniel@glazman.org> wrote:
sird@rckc.at wrote: > a[href$=.pdf]::before{content:url(pdficon.gif)} > >
And it rocks, it really r...
"we"? Who's that "we"? In the World Wide Web Consortium, that "we"
is the Community on one hand, the W3C Membership (including browser
vendors) on the other.
So yes, "we" wanted to add that ability to CSS.
> I mean, imho, :visited selectors should have been vanished from CSS3.. but
> well..
I think the "we" I mentioned above VERY strongly disagrees with you
here.
</Daniel>
Received on Monday, 7 December 2009 23:47:01 UTC