- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 17 Sep 2015 10:28:33 +0200
- To: Francois Marier <francois@mozilla.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Sep 17, 2015 at 1:52 AM, Francois Marier <francois@mozilla.com> wrote: > I discussed this with my colleagues and we couldn't think of way that > this would lead to a security bug, but I thought I should mention it here. It doesn't lead to a security bug, but it can lead to observably different behavior, since we won't dispatch an error event for the second element. That seems bad. If this cache is used across documents, as with "list of available images" (a standardized concept) there's also CSP implications. -- https://annevankesteren.nl/
Received on Thursday, 17 September 2015 08:29:00 UTC