- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 22 Jan 2016 09:19:12 +0100
- To: David Ross <drx@google.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Jan 21, 2016 at 11:52 PM, David Ross <drx@google.com> wrote: > Safety is enforced by the fact that the untrusted markup is contained > within a Safe Node. Breakout is prevented by the design pattern shown > above. (e.g.: Setting innerHTML will inherently never allow breaking > out of the containing node.) But if you instead use traversal, cloning, etc. it would be possible? And with sites that use event delegation you could spoof buttons and such. -- https://annevankesteren.nl/
Received on Friday, 22 January 2016 08:19:39 UTC