W3C home > Mailing lists > Public > www-style@w3.org > May 2015

[css-images][css-values] banning javascript: urls

From: Florian Rivoal <florian@rivoal.net>
Date: Wed, 6 May 2015 22:51:36 +0200
Message-Id: <6BD5451C-CD87-4C58-9450-036590D7A24F@rivoal.net>
To: www-style list <www-style@w3.org>

As shown in this presentation, firefox used to let you load "javascript:" urls as <image> values, and do fun things like freeze the browser.

https://www.youtube.com/watch?feature=player_detailpage&v=WjP7TEKB7Uo#t=1542

As far as I can tell, this no longer reproduces, but this should probably be explicitly forbidden by the spec anyway.

 - Florian

Received on Wednesday, 6 May 2015 20:52:00 UTC

This message: [ Message body ]
Next message: Henrik Andersson: "Re: [css-images][css-values] banning javascript: urls"
Previous message: Tab Atkins Jr.: "Re: [css-counter-styles] Allow impls to extend range of hebrew"
Next in thread: Henrik Andersson: "Re: [css-images][css-values] banning javascript: urls"
Reply: Henrik Andersson: "Re: [css-images][css-values] banning javascript: urls"
Reply: Tab Atkins Jr.: "Re: [css-images][css-values] banning javascript: urls"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.4.0 : Friday, 25 March 2022 10:08:54 UTC