Re: [w3c/webcomponents] HTML, CSS, and JSON modules shouldn't solely rely on MIME type to change parsing behavior (#839) from Ryosuke Niwa on 2019-10-10 (public-webapps-github@w3.org from October 2019)

From: Ryosuke Niwa <notifications@github.com>
Date: Thu, 10 Oct 2019 12:35:31 -0700
To: w3c/webcomponents <webcomponents@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/webcomponents/issues/839/540747366@github.com>

Execution vs. no execution is an important distinction but changing the parser mode based on MIME type isn't great either. We've definitely had security attacks which used an existing content by reinterpreting it in a different text encoding & MIME type.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webcomponents/issues/839#issuecomment-540747366

Received on Thursday, 10 October 2019 19:35:34 UTC