Thomas Broyer has posted comments on this change.
Change subject: Add SafeUri overloads for setting properties used for
navigation
......................................................................
Patch Set 2:
Hmm, I don't know how AT deal with it in practice, but <frame longdesc="">
and <q cite=""> are supposed to be navigable. I otherwise agree that maybe
not all properties that take URIs need to be updated with a SafeUri
overload, though it'd be harmless to have them (except maybe for
ScriptElement, which is unsafe by definition).
Also, I had a <object data="javascript:alert('pwnd!')"></object> (built
with JS in the inspector) execute and show the alert.
--
To view, visit https://gwt-review.googlesource.com/2663
To unsubscribe, visit https://gwt-review.googlesource.com/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I8ab7a472b0c0c4470f00f7178de216f7c7e4e415
Gerrit-PatchSet: 2
Gerrit-Project: gwt
Gerrit-Branch: master
Gerrit-Owner: Matthew Dempsky <[email protected]>
Gerrit-Reviewer: Brian Slesinsky <[email protected]>
Gerrit-Reviewer: Guillaume Ryder <[email protected]>
Gerrit-Reviewer: Leeroy Jenkins <[email protected]>
Gerrit-Reviewer: Matthew Dempsky <[email protected]>
Gerrit-Reviewer: Thomas Broyer <[email protected]>
Gerrit-HasComments: No
--
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
---
You received this message because you are subscribed to the Google Groups "Google Web Toolkit Contributors" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
