ISSUE-48: injection of a <base> tag to change effective location of relative resources

base uri

injection of a <base> tag to change effective location of relative resources

State:
CLOSED
Product:
CSP Level 2
Raised by:
Brad Hill
Opened on:
2013-04-25
Description:
Questions:

1. how many sites are vulnerable to this?
2. how many sites currently set both an explicit base and use CSP?
3. how common generally is the use of base?

probably most common on static sites that may have been moved from one location to another (a way to avoid fixup of all links)

If breakage is minimal, setting CSP at all might imply that <base> is set to self by default
Related Actions Items:
No related actions
Related emails:
No related emails

Related notes:

No additional notes.

Display change log ATOM feed

Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 48.html,v 1.1 2020/01/17 08:52:34 carcone Exp $