- From: <bugzilla@jessica.w3.org>
- Date: Fri, 19 Apr 2013 13:55:50 +0000
- To: public-webapps-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=21700

--- Comment #2 from Henri Sivonen <hsivonen@iki.fi> ---
(In reply to comment #0)
> the implementation must remove
>
> * SCRIPT element
> * javascript: URLs
> * on...="" event handler attributes

Blacklisting is the wrong way to write sanitizers. Gecko uses whitelisting:
http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsTreeSanitizer.cpp

--
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Friday, 19 April 2013 13:55:52 UTC