[Bug 26898] [imports]: <link rel=import> shouldn't be active when added by innerHTML from bugzilla@jessica.w3.org on 2014-09-24 (public-webapps-bugzilla@w3.org from September 2014)

From: <bugzilla@jessica.w3.org>
Date: Wed, 24 Sep 2014 22:24:07 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-26898-2532-8WcXvmNhy0@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26898

--- Comment #2 from Morrita Hajime <morrita@google.com> ---
Good question. Your points are valid.

I heard that the <script> blacklisting is a safeguard for reducing XSS.
Is it misunderstanding the intention of the spec?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Wednesday, 24 September 2014 22:24:08 UTC