- From: James M Snell <jasnell@gmail.com>
- Date: Mon, 2 Jun 2014 05:54:11 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Jonas Sicking <jonas@sicking.cc>, WebApps WG <public-webapps@w3.org>
Received on Monday, 2 June 2014 12:54:38 UTC
So long as they're handled with the same policy and restrictions as the script tag, it shouldn't be any worse. On Jun 2, 2014 2:35 AM, "Anne van Kesteren" <annevk@annevk.nl> wrote: > How big of a problem is it that we're making <link> as dangerous as > <script>? HTML imports can point to any origin which then will be able > to execute scripts with the authority of same-origin. > > > -- > http://annevankesteren.nl/ > >
Received on Monday, 2 June 2014 12:54:38 UTC