W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2014

Re: [whatwg] Proposal: Write-only submittable form-associated controls.

From: Domenic Denicola <domenic@domenicdenicola.com>
Date: Wed, 15 Oct 2014 15:59:46 +0000
To: Mike West <mkwst@google.com>, WHAT Working Group Mailing List <whatwg@whatwg.org>
Message-ID: <9489b4f4d87d44b4b1a16530a5e8da40@BY1PR0501MB1477.namprd05.prod.outlook.com>
Cc: Jonas Sicking <jonas@sicking.cc>
For the XSS attacker, couldn't they just use `theInput.removeAttribute("writeonly"); alert(theInput.value);`?

Or is this some kind of new "un-removable attribute"?

Received on Wednesday, 15 October 2014 16:00:37 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:24 UTC