W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2014

Re: [whatwg] Stricter data URL policy

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 02 Jun 2014 09:03:05 -0400
Message-ID: <538C7609.1070602@mit.edu>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WHATWG <whatwg@lists.whatwg.org>
On 6/2/14, 9:00 AM, Anne van Kesteren wrote:
> You're not persuaded by the attack scenario?

Correct.  I mean, the same scenario applies to srcdoc, document.write() 
into an iframe, etc.  Why are data urls special?

> Provided we agree that it is always unset after any redirect, yes.

We agree on that.

-Boris
Received on Monday, 2 June 2014 13:03:32 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:21 UTC