- From: Mike West <mkwst@google.com>
- Date: Tue, 5 Feb 2013 17:02:39 +0100
- To: Neil Matatall <neilm@twitter.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Tuesday, 5 February 2013 16:03:33 UTC
This makes sense to me. I'd suggest doing the same for filesystem: and blob: URLs. If there are no objections, I'll add something to the spec. -mike -- Mike West <mkwst@google.com>, Developer Advocate Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 On Tue, Feb 5, 2013 at 4:40 PM, Neil Matatall <neilm@twitter.com> wrote: > Hello all, > > I was taking a look at our reports and noticed a significant number of > reports without a blocked-uri value. We tracked it down to two > (possibly more) culprits: > > data: uris in images > javascript: uris in hrefs > > I think the protocol would be enough information in this case. > >
Received on Tuesday, 5 February 2013 16:03:33 UTC