- From: <bugzilla@jessica.w3.org>
- Date: Sat, 31 May 2014 07:02:20 +0000
- To: public-webapps-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25924 Anne <annevk@annevk.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #4 from Anne <annevk@annevk.nl> --- We should probably actually clarify data URLs. I suspect they should not be allowed here as they would be able to execute scripts. I need to add the flag proposed by Jonas in http://lists.w3.org/Archives/Public/public-webapps/2014AprJun/0696.html and HTML imports should probably not set it. Is the text/html requirement stated? Brendan, as for the rest: * blob URLs can work if they're same-origin * redirect should be followed http://fetch.spec.whatwg.org/#atomic-http-redirect-handling * HTTP response status should probably be ignored (we never pay attention to it) * only text/html should be allowed (is that stated in the specification now?) * stopping of external resource loading is up to the UA mostly (unless there's explicit API which there's not) -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Saturday, 31 May 2014 07:02:22 UTC