- From: Henrik Andersson <henke@henke37.cjb.net>
- Date: Wed, 06 May 2015 23:57:28 +0200
- To: Boris Zbarsky <bzbarsky@mit.edu>, www-style@w3.org
Boris Zbarsky skrev: > On 5/6/15 5:09 PM, Henrik Andersson wrote: >> Why stop at javascript? Lets just ban all funny urls that lead to >> surprises! I am <i>sure</i> that there is an authoritative list on >> protocols that have side effects. > > You mean like file://, right[1]? Banning that would be a good idea. > More like appx://turnoffcomputer and so on. There was a few reports of applications who didn't encode data correctly too, usually leading to remote code execution and such.
Received on Wednesday, 6 May 2015 21:57:59 UTC