Even though there seems some protection by permissions, perhaps some things
should be black-listed: http-equiv="set-cookie" comes to mind, and
http-equiv="refresh" may be problematic too - and there are probably more.
( from user Duesentrieb )
Original issue reported on code.google.com by JeanLou....@gmail.com on 5 Jan 2008 at 6:47
Original issue reported on code.google.com by
JeanLou....@gmail.comon 5 Jan 2008 at 6:47