[whatwg] Make quoted attributes a conformance criteria
Aryeh Gregor
Simetrical+w3c at gmail.com
Fri Jul 24 15:44:36 PDT 2009
On Fri, Jul 24, 2009 at 6:26 PM, Bil Corry <bil at corry.biz> wrote:
> That's a classic XSS vulnerability. The backend developer must know if there are quotes or not in the template, then encode/sanitize the value accordingly.
It's not XSS if the values are statically provided by the first
developer and aren't generated from user input.
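
Added example, not part of the original thread: a Python sketch of the point under discussion, showing that an encoder sufficient for a quoted attribute does not contain a value placed in an unquoted one. The templates, the sample value, and the function names are assumptions made for illustration; the value stands in for data that is not statically provided by the template author.

```python
import html
from html.parser import HTMLParser

# Two versions of the same template, as a template author might write them.
QUOTED_TEMPLATE = '<input name="q" value="{v}">'
UNQUOTED_TEMPLATE = "<input name=q value={v}>"

# Constructed sample value; the attribute name "data-injected" is a harmless marker.
SAMPLE = "x data-injected=1"


class _AttrCollector(HTMLParser):
    """Records the attributes of the first start tag it sees."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)


def parsed_attrs(markup):
    """Return the attributes an HTML parser actually sees in `markup`."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs


def encode_quoted(value):
    """Enough for a quoted attribute: escapes & < > and both quote characters."""
    return html.escape(value, quote=True)


def encode_unquoted(value):
    """Conservative encoder for unquoted attributes: every character that is
    not alphanumeric becomes a numeric character reference, so whitespace
    and '=' cannot end the value."""
    return "".join(c if c.isalnum() else "&#x%X;" % ord(c) for c in value)


def render(template, encoder, value):
    """Fill the template with the encoded value and parse the result."""
    return parsed_attrs(template.format(v=encoder(value)))


if __name__ == "__main__":
    print(render(QUOTED_TEMPLATE, encode_quoted, SAMPLE))
    print(render(UNQUOTED_TEMPLATE, encode_quoted, SAMPLE))
    print(render(UNQUOTED_TEMPLATE, encode_unquoted, SAMPLE))
```

The second call is the mismatch: the quoted-attribute encoder leaves the space and `=` untouched, so the parser reports a separate `data-injected` attribute.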