- From: <sird@rckc.at>
- Date: Tue, 26 Jan 2010 18:44:39 +0800
- To: gaz Heyes <gazheyes@gmail.com>
- Cc: Ian Hickson <ian@hixie.ch>, public-web-security@w3.org
Received on Tuesday, 26 January 2010 10:45:43 UTC
as of right now, stuff like
@import url('javascript:code-here');
runs in a sandboxed context (on Firefox), maybe the same could apply for
this?
Greetings!!
-- Eduardo
http://www.sirdarckcat.net/
Sent from Hangzhou, 33, China
On Tue, Jan 26, 2010 at 6:38 PM, gaz Heyes <gazheyes@gmail.com> wrote:
> 2010/1/26 Ian Hickson <ian@hixie.ch>
>
>> Again, whether it executes or not is not a matter for the HTML5 spec to
>> define; I just want to make sure that if it _does_, the origin is
>> well-defined.
>>
>
> Why not? What possible use could it be to execute javascript from that
> context? If we define past mistakes at spec. level then those mistakes
> aren't likely to be repeated no?
>
Received on Tuesday, 26 January 2010 10:45:43 UTC