ACTION-149: Document proposal of simply excluding blob:, data:, etc from matching * everywhere, no explicit tie to unsafe-eval
Document proposal of simply excluding blob:, data:, etc from matching * everywhere, no explicit tie to unsafe-eval
- State:
- closed
- Person:
- Daniel Veditz
- Due on:
- October 22, 2013
- Created on:
- September 10, 2013
- Related emails:
- No related emails
Related notes:
data: should not match *, current spec does not say that (as of 26-Feb)
Brad Hill, 26 Feb 2014, 16:12:47https://github.com/w3c/webappsec/pull/10
Brad Hill, 9 Apr 2014, 15:10:37Display change log.