For import at least I think this change is important (insofar as any authoring
conformance criteria is important). See e.g.
https://github.com/bterlson/ecmascript/blob/master/spec/index.html for a usage
of as a kind of "include HTML here" macro that I find to be
a useful pattern.
It's probably OK to replace the URL of the previous page if it
otherwise doesn't interfere with the ongoing navigation. The old
attacks predated the pushState / replaceStates API altogether.
/mz
On Sun, Nov 2, 2014 at 1:43 PM, cowwoc wrote:
> On 02/11/2014 12:28 PM, Michal Zalewski wrote:
>>>
>>
On 02/11/2014 12:28 PM, Michal Zalewski wrote:
I believe I have a legitimate use-case (described in comment #9) for needing
to change the URL in "beforeunload".
I am probably at least partly to blame for the browsers not letting
you do that - I reported several onbeforeunload attacks some 8 year
On 11/02/2014 02:32 PM, Graham Klyne wrote:
On 01/11/2014 00:01, Sam Ruby wrote:
3) Explicitly state that canonical URLs (i.e., the output of the URL
parse step)
not only round trip but also are valid URIs. If there are any RFC
3986 errata
and/or willful violations necessary to make that a tru
Ilya wrote:
> 1) allow link tags in the body
> 2) add a note to implementors: consider treating link tags in body as a
> hint to the UA that what is above the link tag (in DOM order) should not be
> blocked on painting
This seems like a sensible proposal to me. The fact that this just codifies
ex
> I believe I have a legitimate use-case (described in comment #9) for needing
> to change the URL in "beforeunload".
I am probably at least partly to blame for the browsers not letting
you do that - I reported several onbeforeunload attacks some 8 years
ago. Sorry!:-)
In general, there is a secu
Hi,
I would like to bringhttps://code.google.com/p/chromium/issues/detail?id=428583
to your attention. Quoting comment #9:
I believe this is a corner case that is not adequately described. I was imagining
adding a clause somewhere around step 8
inhttps://html.spec.whatwg.org/multipage/browse