- From: Domenic Denicola <domenic@domenicdenicola.com>
- Date: Wed, 15 Oct 2014 15:59:46 +0000
- To: Mike West <mkwst@google.com>, WHAT Working Group Mailing List <whatwg@whatwg.org>
- Cc: Jonas Sicking <jonas@sicking.cc>
For the XSS attacker, couldn't they just use `theInput.removeAttribute("writeonly"); alert(theInput.value);`?
Or is this some kind of new "un-removable attribute"?
Received on Wednesday, 15 October 2014 16:00:37 UTC