[Webkit-unassigned] [Bug 10313] xsl:import and document() don't work in stylesheets loaded via XMLHttpRequest

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jun 24 11:33:41 PDT 2010


--- Comment #52 from Adam Barth <abarth at webkit.org>  2010-06-24 11:33:40 PST ---
I'm concerned that this patch would make 

DOMParser.parseFromString("... untrusted data ...", "application/xml")

an XSS vulnerability.  I don't think that's right.  Do these tests pass in other browsers?

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list