Could be a good-first-bug for someone. On Mon, May 27, 2024 at 3:21 PM Nicolas Chevobbe <[email protected]> wrote: > > Tom, do you think we should have a DevTools bug to display a warning message > to the console when a target attribute is ignored? > > On Monday, May 27, 2024 at 3:00:12 PM UTC+2 Tom Schuster wrote: >> >> This change is supposed to mitigate dangling markup injections using >> the target (and formtarget) attribute: >> https://portswigger.net/research/evading-csp-with-dom-based-dangling-markup >> >> This is mostly useful together with another mitigation for parsing >> URLs, that isn't part of the specification yet: >> https://github.com/whatwg/html/pull/10022 >> >> I judge the possibility of real web content being impacted by this >> change to be near zero. >> >> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1835157 >> Standard: https://github.com/whatwg/html/pull/9309 >> Platform coverage: All >> Preference: none >> DevTools bug: n/a >> Link to standards-position discussion: None >> Other browsers: >> * Blink: shipping https://issues.chromium.org/issues/40259279 >> * WebKit: shipping bugs.webkit.org/show_bug.cgi?id=257349 >> >> web-platform-tests: >> https://wpt.fyi/results/html/browsers/windows/dangling-markup-window-name.html
-- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CA%2BCWiYgGxpez7k%2BD4hfsQEz4e5%2BkvZNpeRWAy_PALmHXytiKuA%40mail.gmail.com.
