[whatwg] Javascript: URLs as element attributes

[Boris Zbarsky]

On 12/2/10 4:26 PM, Daniel Veditz wrote:
> On 12/1/10 10:25 AM, timeless wrote:
>> Pnglets date to around 1999 according to a quick read of http://elf.org/pnglets/
>
> Pnglets haven't worked in Mozilla for a long time,<img src=>  is
> sandboxed.

It's not just sandboxed; it also  doesn't execute.  There's a bug on 
this, where brendan keeps claiming we should execute it unsandboxed and 
I keep claiming that would be XSS-city and that if we run it, it needs 
to be sandboxed.  ;)

-Boris