- From: Krzysztof Kotowicz <notifications@github.com>
- Date: Thu, 05 Mar 2020 04:44:38 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 5 March 2020 12:44:51 UTC
Thanks! For the record, `require-trusted-types-for 'script'` controls all enforcement for DOM XSS prevention (the only sink group we're tagetting right now), not just `javacript:` navigation. Point taken though, I'll try to clarify that in the explainer and review the spec to make that clear. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/198#issuecomment-595209995
Received on Thursday, 5 March 2020 12:44:51 UTC