- From: Justin Fagnani <notifications@github.com>
- Date: Thu, 22 Oct 2020 09:13:10 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 22 October 2020 16:13:22 UTC
> `<template>` makes its whole subtree inert, which is why ignoring the subtree would not have caused XSS, at least directly - there might be application-specific gadgets that would import the "scripty" nodes from under the template. I would argue that there _certainly_ would be gadgets with a `<template>`. Why else would the `<template>` exist if not to create DOM from it? It's not useful otherwise. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/831#issuecomment-714601218
Received on Thursday, 22 October 2020 16:13:22 UTC