W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2013

Blank blocked-uris

From: Neil Matatall <neilm@twitter.com>
Date: Tue, 5 Feb 2013 07:40:57 -0800
Message-ID: <CAOFLtbg5NBQpJB3EbxNX8RE2rtBQw4FDs_78B1BZ1j8P+yV=9w@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hello all,

I was taking a look at our reports and noticed a significant number of
reports without a blocked-uri value. We tracked it down to two
(possibly more) culprits:

data: uris in images
javascript: uris in hrefs

I think the protocol would be enough information in this case.
Received on Tuesday, 5 February 2013 15:41:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:31 UTC