- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Thu, 27 Jan 2011 16:29:38 -0800
- To: "sird@rckc.at" <sird@rckc.at>
- Cc: Devdatta Akhawe <dev.akhawe@gmail.com>, gaz Heyes <gazheyes@gmail.com>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org
> Oh btw, you could also. > <span security="xxxxx">html encoded content</span> > Or am I missing how this is going to behave being backward compatible? Well, the question is specifically about untrusted (and possibly poorly escaped) data being delimited on both ends, so that it is more difficult to escape - you can't close the block unless you know the nonce. I don't think this is very likely to happen :-( /mz
Received on Friday, 28 January 2011 00:30:31 UTC