- From: Anne van Kesteren <notifications@github.com>
- Date: Mon, 10 Feb 2020 07:36:27 -0800
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 10 February 2020 15:36:30 UTC
There's still a risk here in that a previous harmless template can now be used for script injection if you can do some attribute injection. (Also, browsers continue to have security issues around `template` elements to this day, which isn't reassuring.) It'd be good to complete the algorithm so it deals with the element already having a shadow root and it details what "moving" means. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/831#issuecomment-584181875
Received on Monday, 10 February 2020 15:36:30 UTC