http://codereview.appspot.com/115084/diff/1/2 File src/com/google/caja/lang/html/html4-attributes-extensions-defs.json (right): http://codereview.appspot.com/115084/diff/1/2#newcode16 Line 16: ], The javascript port scanner at http://www.securiteam.com/exploits/5DP010KJFE.html uses both img.onerror and img.onload. Does this addition enable port scanning, or is onerror required? http://codereview.appspot.com/115084
- [Caja] Re: allow <img onload=...> mikesamuel
- [Caja] Re: allow <img onload=...> felix8a
- [Caja] Re: allow <img onload=...> mikesamuel
- [Caja] Re: allow <img onload=...> felix8a
- [Caja] Re: allow <img onload=...> mikesamuel
