- From: Henrik Andersson <henke@henke37.cjb.net>
- Date: Wed, 06 May 2015 23:09:17 +0200
- To: Florian Rivoal <florian@rivoal.net>, www-style list <www-style@w3.org>
Florian Rivoal skrev: > As shown in this presentation, firefox used to let you load "javascript:" urls as <image> values, and do fun things like freeze the browser. > > https://www.youtube.com/watch?feature=player_detailpage&v=WjP7TEKB7Uo#t=1542 > > As far as I can tell, this no longer reproduces, but this should probably be explicitly forbidden by the spec anyway. > > - Florian > > Why stop at javascript? Lets just ban all funny urls that lead to surprises! I am <i>sure</i> that there is an authoritative list on protocols that have side effects.
Received on Wednesday, 6 May 2015 21:09:54 UTC