W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2014

Re: [whatwg] Stricter data URL policy

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 02 Jun 2014 10:24:47 -0400
Message-ID: <538C892F.10202@mit.edu>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WHATWG <whatwg@lists.whatwg.org>
On 6/2/14, 10:15 AM, Anne van Kesteren wrote:
> The attack is the URL. A developer has to specifically consider data
> URLs and realize their implications.

Note that this is already true for javascript: URLs in @src values (but 
not in location sets and the like, I agree).

-Boris
Received on Monday, 2 June 2014 14:25:15 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:21 UTC