Alright, I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1899251 for this.

On Monday, May 27, 2024 at 4:11:09 PM UTC+2 Tom Schuster wrote:

> Could be a good-first-bug for someone.
>
> On Mon, May 27, 2024 at 3:21 PM Nicolas Chevobbe <[email protected]> wrote:
> >
> > Tom, do you think we should have a DevTools bug to display a warning
> > message to the console when a target attribute is ignored?
> >
> > On Monday, May 27, 2024 at 3:00:12 PM UTC+2 Tom Schuster wrote:
> >>
> >> This change is supposed to mitigate dangling markup injections using
> >> the target (and formtarget) attribute:
> >> https://portswigger.net/research/evading-csp-with-dom-based-dangling-markup
> >>
> >> This is mostly useful together with another mitigation for parsing
> >> URLs, that isn't part of the specification yet:
> >> https://github.com/whatwg/html/pull/10022
> >>
> >> I judge the possibility of real web content being impacted by this
> >> change to be near zero.
> >>
> >> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1835157
> >> Standard: https://github.com/whatwg/html/pull/9309
> >> Platform coverage: All
> >> Preference: none
> >> DevTools bug: n/a
> >> Link to standards-position discussion: None
> >> Other browsers:
> >> * Blink: shipping https://issues.chromium.org/issues/40259279
> >> * WebKit: shipping bugs.webkit.org/show_bug.cgi?id=257349
> >>
> >> web-platform-tests:
> >> https://wpt.fyi/results/html/browsers/windows/dangling-markup-window-name.html
>
