Re: [whatwg] Stricter data URL policy

On 6/2/14, 10:15 AM, Anne van Kesteren wrote:
> The attack is the URL. A developer has to specifically consider data
> URLs and realize their implications.

Note that this is already true for javascript: URLs in @src values (but 
not in location sets and the like, I agree).

-Boris

Received on Monday, 2 June 2014 14:25:15 UTC