-
This test claims that if you set up a node with an inline style by manipulating .style and then clone the node then the clone should have the same .style _and_ the same computed style.
But cloning …
-
From the TAG security and privacy questionnaire: what behavior do we want if the API is invoked from a disconnected document (like a same-origin iframe)? Probably just immediately fail, right?
But …
-
We might drop this feature from Firefox as Chrome doesn't implement it and we keep running into issues with it. Latest is https://bugzilla.mozilla.org/show_bug.cgi?id=1548034.
-
## Request for Mozilla Position on an Emerging Web Specification
- Specification Title: Standardizing Security Semantics of Cross-Site Cookies
- Specification or proposal URL (if available): N/A
- …
-
Hello,
I can't find any information about the serial proposal, although it's listed at the bottom of this web page: https://github.com/w3c/webappsec-feature-policy/blob/master/features.md
ghost updated
5 years ago
-
Part of the changes are drafted, and then reverted in #7819
- How to test designer change after you make trusted-types changes.
Edit the HTML directly from the developer tools provided by the browser.
…
-
If an external app opens a URL in the browser should the value of `Sec-Fetch-Site:` be `cross-site` or `none`? We're having this argument in [Firefox bug 1722044](https://bugzilla.mozilla.org/show_bug…
-
Pulling out from #222 and #235:
If policy name or rules would only be inspected, but not modified by the JS meta policy callback, and (apart from arbitrary side effects) the decision relevant to …
koto updated
9 months ago
-
Top-level navigations are useful as they bypass SameSite=Lax and cache partitioning while in most cases maintaining a window reference.
```javascript
async function bypassFirefox(url) {
let win …
```
-
Link: https://hackerone.com/reports/1028192
Date: 2020-11-06 09:17:44 UTC
By: ebot_api
Weakness: None
Details:
Cross-site Scripting (XSS) is an attack technique that involves echoing a…