- From: Boris Zbarsky <bzbarsky@mit.edu>
- Date: Wed, 06 May 2015 17:35:03 -0400
- To: www-style@w3.org
On 5/6/15 5:09 PM, Henrik Andersson wrote:
> Why stop at javascript? Lets just ban all funny urls that lead to
> surprises! I am <i>sure</i> that there is an authoritative list on
> protocols that have side effects.
You mean like file://, right[1]? Banning that would be a good idea.
-Boris
P.S. I know that was sarcasm, yes.
[1] Consider what happens to your typical GUI browser on a Unixy OS when
using "background-image: url('file:///dev/tty')".
I seem to recall that Windows 9x had similar issues with some filenames
(e.g. com1) that could cause serious problems if an application tried to
read them.
Received on Wednesday, 6 May 2015 21:35:32 UTC