- From: Neil Matatall <neilm@twitter.com>
- Date: Thu, 4 Sep 2014 09:58:38 -0700
- To: "Hill, Brad" <bhill@paypal.com>
- Cc: Mike West <mkwst@google.com>, Pawel Krawczyk <pawel.krawczyk@hush.com>, Dan Veditz <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
There's already plenty of non-URIs in that value:

null
about
data:text/javascript;base64,...
asset
weixin
android-webview
pixivnanikahelper

Or at least URIs that the standard Java URI cannot parse.

As a likely unauthenticated endpoint, validation is required either way.
Received on Thursday, 4 September 2014 16:59:07 UTC