- From: sirdarckcat <notifications@github.com>
- Date: Tue, 21 Jul 2015 01:36:00 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Tuesday, 21 July 2015 08:36:32 UTC
An opaque response wouldn't be renderable, which would mitigate at least the XSS risk. It would still be possible to cache JS/Images, etc but they are usually not dangerous (one exception would be shared workers, but they can't be installed cross-origin). --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/79#issuecomment-123213894
Received on Tuesday, 21 July 2015 08:36:32 UTC