Blank blocked-uris from Neil Matatall on 2013-02-05 (public-webappsec@w3.org from February 2013)

From: Neil Matatall <neilm@twitter.com>
Date: Tue, 5 Feb 2013 07:40:57 -0800
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAOFLtbg5NBQpJB3EbxNX8RE2rtBQw4FDs_78B1BZ1j8P+yV=9w@mail.gmail.com>

Hello all,

I was taking a look at our reports and noticed a significant number of
reports without a blocked-uri value. We tracked it down to two
(possibly more) culprits:

data: uris in images
javascript: uris in hrefs

I think the protocol would be enough information in this case.

Received on Tuesday, 5 February 2013 15:41:25 UTC