googlearchive / core-style

Manages styling inside other elements and can be used to make themes.
https://www.polymer-project.org/0.5/docs/elements/core-style.html

<core-style> should use an element that parses in plain text mode #5

Open tjsavage opened 10 years ago

tjsavage commented 10 years ago

ex.

<style is="core-style" type="polymer/style">
    .span::before { content: "<script>alert(1)</script>"; }
</style>

Using <core-style> today to do that will alert, since it just has random HTML inside it, which is both slower for the parser and will interpret stuff inside it as tags. Instead it should work as above.
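
The parsing difference described in this comment, as an added example that is not part of the original issue or the core-style project: a simplified JavaScript model of the HTML tokenizer's text-only content modes, run over the snippet above and over a constructed `<core-style>` wrapper. The names `TEXT_ONLY` and `elementsCreated` and the wrapper markup are assumptions made for illustration, and the model assumes input without comments or `>` inside attribute values.

```javascript
// Added illustration: simplified model of the HTML tokenizer's content modes.
// Assumes no comments/CDATA and no ">" inside attribute values.
// Elements whose content is tokenized as text (RAWTEXT, RCDATA, script data).
const TEXT_ONLY = new Set(["style", "script", "xmp", "iframe", "noembed",
                           "noframes", "textarea", "title"]);

// Returns the names of the elements the parser would create, in document order.
function elementsCreated(html) {
  const created = [];
  const startTag = /<([a-zA-Z][^\s/>]*)[^>]*>/g;
  let m;
  while ((m = startTag.exec(html)) !== null) {
    const name = m[1].toLowerCase();
    created.push(name);
    if (!TEXT_ONLY.has(name)) continue;
    // Text-only mode: nothing is a tag until the matching end tag.
    const rest = html.slice(startTag.lastIndex);
    const end = new RegExp("</" + name + "[\\s/>]", "i").exec(rest);
    if (end === null) break; // unterminated: the rest of the input is text
    startTag.lastIndex += end.index;
  }
  return created;
}

// The CSS rule from the issue's snippet.
const css = '.span::before { content: "<script>alert(1)</script>"; }';
// Form proposed in the issue: a real <style> element, so text-only parsing.
const asStyle = '<style is="core-style" type="polymer/style">' + css + "</style>";
// Constructed sample: the same rule inside a custom element (normal parsing).
const asCustom = "<core-style>" + css + "</core-style>";

console.log(elementsCreated(asStyle));
console.log(elementsCreated(asCustom));
```

In a browser, `new DOMParser().parseFromString(markup, "text/html").querySelector("script")` gives the authoritative answer for the same two strings.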