- From: Lonnie Best <notifications@github.com>
- Date: Wed, 01 May 2019 09:11:30 -0700
- To: w3c/webcomponents <webcomponents@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 1 May 2019 16:11:52 UTC
> There is a long history of vulnerabilities that involve socially engineering users into going to a URL via ads, URL shortneners, open redirectors, and `<a href="//cdn.org/people-dont-consistently-read-urls.js">Cute kittens</a>`. I have great respect for you Mike Samuel, because for your contributions to the standards, specifically: Tagged Template Literals. With that said, I'd like to respectfully point out, that: <a href="//cdn.org/people-dont-consistently-read-urls.js">Cute kittens</a> Is very similar to: <a href="//cdn.org/people-dont-consistently-read-urls.html">Cute kittens</a> My point is, that malicious javascript is that "is navigated to directly" is no more malicious that javascript that automatically runs from the prision of an html file. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webcomponents/issues/807#issuecomment-488328048
Received on Wednesday, 1 May 2019 16:11:52 UTC