This change is supposed to mitigate dangling markup injections using the target (and formtarget) attribute: https://portswigger.net/research/evading-csp-with-dom-based-dangling-markup
This is mostly useful together with another mitigation for parsing URLs, that isn't part of the specification yet: https://github.com/whatwg/html/pull/10022 I judge the possibility of real web content being impacted by this change to be near zero. Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1835157 Standard: https://github.com/whatwg/html/pull/9309 Platform coverage: All Preference: none DevTools bug: n/a Link to standards-position discussion: None Other browsers: * Blink: shipping https://issues.chromium.org/issues/40259279 * WebKit: shipping bugs.webkit.org/show_bug.cgi?id=257349 web-platform-tests: https://wpt.fyi/results/html/browsers/windows/dangling-markup-window-name.html -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CA%2BCWiYiwREuwMaN3J-sdy0x6rcaxEGxU5riM6Ms%2Bq9wq3EstYA%40mail.gmail.com.
