-
MDV is pretty safe right now from innerHTML XSS bugs, because it uses textContent to bind text (see #57 for a request to loosen this up sometimes). However, attributes are unprotected. If the applicat…
-
p025に以下のようなmemoがあるのですが (番号は私が追加したもの)、
```
[^33]: HTML仕様の一本化の模索の中 で、W3C が発行した HTML5 とそ れ以前の仕様は、2018年3月に Superseded Recommendation に 変更、廃止されました。
```
これに対応する本文がどれなのかよくわかりません。前後の本文はこうなっています。
>W…
-
Currently working on repository development.
Actually I created a dataclass with some attributes and I am writing a script for enabling BLOB attributes to be read and searched.
Screenshots will follo…
-
All title, excerpt and content in csv and gexf a exporter with some ugly caracters instead of french accent. Maybe a probleme on UTF type in the DB before saving ? In the building of CSV or Gexf after…
-
Depending on the response, object/embed either create a browsing context or are embedding elements.
Service workers do not allow for this design as elements that create nested browsing contexts would…
-
Something like `Access-Control-Allow-Visible-Redirect: *`
This would make a redirect responses visible. If the request was cross-origin, it would still have to pass existing CORS checks, and would …
-
### Problem
See background in #18 and #478.
`URLSearchParams` was designed, not to hold URL query data, but instead to hold `application/x-www-form-urlencoded` data, i.e. the data that is sent t…
-
I propose we ship complete fetch bindings in Core. This has a few reasons:
1. Fetch is as close as an industry standard as we'll get for making network requests. The default experience in ReScript to…
-
### [REQUIRED] Environment info
**firebase-tools:**
13.22.0
**Platform:**
macOS Monterey 12.3
### [REQUIRED] Test case
This issue pertains to a deprecation warning emitted by the Fir…
-
The HTML spec defines the term [CORS-same-origin](https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-same-origin) which in turn references the concept of response [type](https://fetch.…