On Mon, Feb 25, 2013 at 4:30 AM, Adam Barth <[email protected]> wrote: > I don't think there is a security problem with that. It's just a > question of how much it complicates the model.
Well currently for http://software.hixie.ch/utilities/cgi/data/data Chrome generates a network error if you hit "Generate" with the reason "unsafe redirect". And that's a simple http to data URL redirect without CORS coming into play. -- http://annevankesteren.nl/
