
[whatwg] Make quoted attributes a conformance criteria

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Fri, 24 Jul 2009 18:44:36 -0400
Message-ID: <7c2a12e20907241544t5f8d2963jc6dd78df7f574802@mail.gmail.com>
On Fri, Jul 24, 2009 at 6:26 PM, Bil Corry<bil at corry.biz> wrote:
> That's a classic XSS vulnerability. The backend developer must know if there are quotes or not in the template, then encode/sanitize the value accordingly.

It's not XSS if the values are statically provided by the first
developer and aren't generated from user input.
Received on Friday, 24 July 2009 15:44:36 UTC
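
Added example, not part of the original message or thread: a Python sketch of the point under discussion, showing what an HTML parser sees when the same escaping is applied to a quoted and an unquoted attribute template. The template strings, the sample value and all function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical templates from the front-end developer: same field, with and
# without quotes around the attribute value.
QUOTED = '<input value="{}">'
UNQUOTED = '<input value={}>'

# Constructed sample of untrusted input; harmless, but contains a space and "=".
UNTRUSTED = "a title=injected"


class _Attrs(HTMLParser):
    """Records the attributes of the first start tag seen."""
    def __init__(self):
        super().__init__()
        self.found = None

    def handle_starttag(self, tag, attrs):
        if self.found is None:
            self.found = dict(attrs)


def escape_quoted(value):
    # Enough inside "...": neutralises &, <, >, " and '.
    return escape(value, quote=True)


def escape_unquoted(value):
    # Unquoted values also end at whitespace, so encode everything that is
    # not an ASCII letter or digit as a numeric character reference.
    return "".join(
        c if c.isascii() and c.isalnum() else "&#x{:X};".format(ord(c))
        for c in value
    )


def rendered_attrs(template, escaper, value):
    """Render the template, then return the attributes an HTML parser sees."""
    parser = _Attrs()
    parser.feed(template.format(escaper(value)))
    parser.close()
    return parser.found


if __name__ == "__main__":
    for tpl, esc in ((QUOTED, escape_quoted), (UNQUOTED, escape_quoted),
                     (UNQUOTED, escape_unquoted)):
        print(tpl, esc.__name__, rendered_attrs(tpl, esc, UNTRUSTED))
```

A value with no special characters, such as a static string supplied by the template author, renders to the same single attribute in both templates; the results differ only once the value can contain whitespace or markup characters.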
