- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Mon, 02 Jun 2014 09:03:05 -0400
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WHATWG <whatwg@lists.whatwg.org>
On 6/2/14, 9:00 AM, Anne van Kesteren wrote: > You're not persuaded by the attack scenario? Correct. I mean, the same scenario applies to srcdoc, document.write() into an iframe, etc. Why are data urls special? > Provided we agree that it is always unset after any redirect, yes. We agree on that. -Boris
Received on Monday, 2 June 2014 13:03:32 UTC