- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Thu, 20 Jan 2011 15:26:00 -0800
- To: gaz Heyes <gazheyes@gmail.com>
- Cc: Brandon Sterne <bsterne@mozilla.com>, Adam Barth <w3c@adambarth.com>, public-web-security@w3.org, Sid Stamm <sid@mozilla.com>, Lucas Adamski <ladamski@mozilla.com>
> <http://www.thespanner.co.uk/2009/11/23/bypassing-csp-for-fun-no-profit/>

Yeah, we were also unhappy with E4X for other reasons:

http://code.google.com/p/doctype/wiki/ArticleE4XSecurity

...but E4X is not the root issue here, it just makes this vector a bit more convincing.

/mz
Received on Thursday, 20 January 2011 23:26:53 UTC