Anne <> changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #4 from Anne <> ---
We should probably actually clarify data URLs. I suspect they should not be
allowed here as they would be able to execute scripts. I need to add the flag
proposed by Jonas in and
HTML imports should probably not set it.

Is the text/html requirement stated?

Brendan, as for the rest:

* blob URLs can work if they're same-origin
* redirect should be followed
* HTTP response status should probably be ignored (we never pay attention to
* only text/html should be allowed (is that stated in the specification now?)
* stopping of external resource loading is up to the UA mostly (unless there's
explicit API which there's not)

You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to