- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Mon, 25 Feb 2013 15:06:36 -0500
- To: whatwg@lists.whatwg.org
On 2/25/13 3:00 PM, Adam Barth wrote: > Yes, that's to defend against a different sort of attack. In some > browsers, like Firefox, data URLs inherit the security context of > their authors. This is not the case for data: URLs that are the target of a redirect, for what it's worth. At least in Firefox, last I checked. The only argument I've seen for Chrome's behavior is in https://bugzilla.mozilla.org/show_bug.cgi?id=786275 -Boris
Received on Monday, 25 February 2013 20:07:02 UTC