- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Mon, 02 Jun 2014 10:24:47 -0400
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WHATWG <whatwg@lists.whatwg.org>
On 6/2/14, 10:15 AM, Anne van Kesteren wrote:
> The attack is the URL. A developer has to specifically consider data
> URLs and realize their implications.

Note that this is already true for javascript: URLs in @src values (but not in location sets and the like, I agree).

-Boris

Received on Monday, 2 June 2014 14:25:15 UTC