[Bug 26898] [imports]: <link rel=import> shouldn't be active when added by innerHTML

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26898

--- Comment #2 from Morrita Hajime <morrita@google.com> ---
Good question. Your points are valid.

I heard that the <script> blacklisting is a safeguard for reducing XSS.
Is it misunderstanding the intention of the spec?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Wednesday, 24 September 2014 22:24:08 UTC