- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 29 Jun 2017 02:34:17 +0000 (UTC)
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 29 June 2017 02:34:53 UTC
If we don't want to overload the generic URL parser we should figure out in which places this attack can take place (only HTML/SVG element attributes I assume?) and only apply the mitigation there. That might involve creating a new abstraction to invoke from these places.

View it on GitHub: https://github.com/whatwg/url/pull/284#issuecomment-311845650