On Wed, 2003-03-12 at 07:29, Paul Arzul wrote: > unescaped html in "Valid CSS informations" is a potential security issue. > > simple test case[1]: > > body:before > { > content: "<script>alert('Hello World')</script>"; > } This bug has been added in the bugzilla database: http://www.w3.org/Bugs/Public/show_bug.cgi?id=145 > Paul Arzul wrote: > > > > a:before > > { > > content: "<b>bold</b>"; > > } > > > > validates fine - but the validator generated html produced is: > > > > <b>bold</b> > > > > when it should[1] be: > > > > <b>bold</b> I believe this is the same bug. PhilippeReceived on Monday, 24 March 2003 17:27:16 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:00:50 UTC