Re: HTML imports: new XSS hole?

On Mon, Jun 2, 2014 at 2:54 PM, James M Snell <> wrote:
> So long as they're handled with the same policy and restrictions as the
> script tag, it shouldn't be any worse.

Well, <script> is assumed to be unsafe, <link> is not (at least not to
the same extent).


Received on Monday, 2 June 2014 12:57:14 UTC