Re: HTML imports: new XSS hole?

On Mon, 02 Jun 2014 11:32:45 +0200, Anne van Kesteren wrote:

> How big of a problem is it that we're making <link> as dangerous as
> <script>? HTML imports can point to any origin which then will be able
> to execute scripts with the authority of same-origin.

I still think it is a problem.

Simon Pieters
Opera Software

Received on Tuesday, 3 June 2014 06:46:40 UTC
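
An added example, not part of the original thread: a Node.js audit helper that lists `<link rel="import">` elements whose target resolves to a different origin than the page, which are the links the quoted message says get script-level authority. The function names, the sample markup and the example.* hosts are constructed for illustration.

```javascript
'use strict';

// Parse the attributes of one <link ...> start tag into a Map keyed by
// lower-cased attribute name. Handles double-quoted, single-quoted and
// unquoted values; the first occurrence of a name wins, as in HTML parsing.
function parseAttributes(tag) {
  const attrs = new Map();
  const inner = tag.replace(/^<link/i, '').replace(/\/?>$/, '');
  const re = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s]+)))?/g;
  let m;
  while ((m = re.exec(inner)) !== null) {
    const name = m[1].toLowerCase();
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? '');
  }
  return attrs;
}

// Return every HTML import whose href resolves to an origin other than the
// page's own. rel is a space-separated, case-insensitive token list.
// Regex-based tag matching is an audit heuristic, not a full HTML parser.
function findCrossOriginImports(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const [tag] of html.matchAll(/<link\b[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    const rel = (attrs.get('rel') || '').toLowerCase().split(/\s+/);
    if (!rel.includes('import') || !attrs.has('href')) continue;
    const href = attrs.get('href');
    try {
      const target = new URL(href, pageUrl); // resolves relative and //host forms
      if (target.origin !== pageOrigin) {
        findings.push({ href: target.href, origin: target.origin });
      }
    } catch {
      findings.push({ href, origin: null }); // unparsable href: review by hand
    }
  }
  return findings;
}

// Constructed sample page and markup.
const SAMPLE_PAGE = 'https://app.example.com/index.html';
const SAMPLE_HTML = `
<link rel="stylesheet" href="https://cdn.example.net/site.css">
<link rel="import" href="/components/menu.html">
<link rel="import" href="https://widgets.example.net/share.html">
<LINK REL='Import' HREF=//ads.example.org/banner.html>`;

console.log(findCrossOriginImports(SAMPLE_HTML, SAMPLE_PAGE));
```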