Idea: require implementations to stringify "</script>" as "<\uxxxxscript>".
Benefits: remove XSS vulnerability when injecting JSON as content of <script> tag (quite common antipattern). Backward compatible: yes, unless binary equality is required and this string is used.
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
