[whatwg] "complete" DOM attribute (image elements)
simonp at opera.com
Sun Aug 30 22:54:06 PDT 2009
On Mon, 31 Aug 2009 06:20:19 +0200, Gavin Sharp <gavin.sharp at gmail.com>
> On Mon, Aug 31, 2009 at 12:05 AM, Boris Zbarsky<bzbarsky at mit.edu> wrote:
>> A site that cared about that could send image types for its image 404s,
>> Or does the spec require those to not be shown?
> I don't know what the spec requires,
"Whether the image is fetched successfully or not (e.g. whether the
response code was a 2xx code or equivalent) must be ignored when
determining the image's type and whether it is a valid image.
Note: This allows servers to return images with error responses, and have
> but if the site did that, it
> would mitigate the <img>.complete "attack" just as effectively as the
> observe-layout attack, so I fail to see why changing Gecko's behavior
> would introduce a privacy leak.
More information about the whatwg