[Bug 25924] [Imports]: The spec. is not very specific about the edge cases of the load from bugzilla@jessica.w3.org on 2014-06-02 (public-webapps-bugzilla@w3.org from June 2014)

From: <bugzilla@jessica.w3.org>
Date: Mon, 02 Jun 2014 09:34:53 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-25924-2532-u5rkmRVEpZ@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25924

Anne <annevk@annevk.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jonas@sicking.cc

--- Comment #6 from Anne <annevk@annevk.nl> ---
(In reply to Gabor Krizsanits from comment #5)
> Why is script execution a concern exactly?

We want to restrict data URLs more. Them simply inheriting the origin of the
fetching context can be somewhat dangerous. Not a 100% sure whether this
applies to HTML imports, as they can effectively do the same as <script> which
is also unprotected. Seems like
http://lists.w3.org/Archives/Public/public-webapps/2014AprJun/0729.html is the
larger issue here.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 2 June 2014 09:34:56 UTC