W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2014

Re: [whatwg] Stricter data URL policy

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 02 Jun 2014 10:24:47 -0400
Message-ID: <538C892F.10202@mit.edu>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WHATWG <whatwg@lists.whatwg.org>

On 6/2/14, 10:15 AM, Anne van Kesteren wrote:
> The attack is the URL. A developer has to specifically consider data
> URLs and realize their implications.

Note that this is already true for javascript: URLs in @src values (but 
not in location sets and the like, I agree).

-Boris

Received on Monday, 2 June 2014 14:25:15 UTC

This message: [ Message body ]
Next message: Justin Novosad: "Re: [whatwg] Proposal: toDataURL “image/png” compression control"
Previous message: Anne van Kesteren: "Re: [whatwg] Stricter data URL policy"
In reply to: Anne van Kesteren: "Re: [whatwg] Stricter data URL policy"
Next in thread: Jonas Sicking: "Re: [whatwg] Stricter data URL policy"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:21 UTC