Re: [css-images][css-values] banning javascript: urls

Boris Zbarsky skrev:
> On 5/6/15 5:09 PM, Henrik Andersson wrote:
>> Why stop at javascript? Lets just ban all funny urls that lead to
>> surprises! I am <i>sure</i> that there is an authoritative list on
>> protocols that have side effects.
>
> You mean like file://, right[1]?  Banning that would be a good idea.
>
More like appx://turnoffcomputer and so on.

There was a few reports of applications who didn't encode data correctly
too, usually leading to remote code execution and such.

Received on Wednesday, 6 May 2015 21:57:59 UTC