- From: Krzysztof Kotowicz <notifications@github.com>
- Date: Thu, 29 Oct 2020 02:24:15 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 29 October 2020 09:24:28 UTC
Agreed with Anne. Sanitizing is not just for XSS, sometimes it's e.g. to prevent external HTTP requests (e.g. for hiding the IP address of the client in webmail application). To extend that logic, not to break such sanitizers (that passthrough attributes), the platform would have to stop adding attributes that trigger requests. And so on.. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/831#issuecomment-718532788
Received on Thursday, 29 October 2020 09:24:28 UTC