Changes between Initial Version and Version 1 of Ticket #11773, comment 9
- Timestamp:
- Feb 25, 2015, 7:59:18 PM (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #11773, comment 9
initial v1 1 `[wiki] safe_scheme a` option is introduced by #9557. According to [https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet attack vectors] in comment:6:ticket:9557, `data:` URI can lead XSS. So the option doesn't has `data` entry, I think.1 `[wiki] safe_schemes` option is introduced by #9557. According to [https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet attack vectors] in comment:6:ticket:9557, `data:` URI can lead XSS. So the option doesn't has `data` entry, I think.
