[HTTPS-Everywhere] Possible problem with "src" URLs in <embed> tags
Alex Xu
alex_y_xu at yahoo.ca
Sun Jun 19 06:52:12 PDT 2011
"data" in object isn't filtered either.
Test case for iframe, object, and embed attached.
The embeds are unlikely to work; they don't work on my machine anyways.
On 11-06-17 12:41 AM, mezzanine at Safe-mail.net wrote:
> The following may be worth looking into. When the src attribute of an
> <embed> tag references a URL, it appears that the URL is _not_
> processed by the HTTPS-Everywhere extension. For instance, a URL
> might be referenced in a manner similar to the following:
>
> <embed src="http://www.example.org/content"></embed>
>
>
> (From what one remembers, this issue showed up with the "release"
> version of the extension, as opposed to the "development" version.)
>
> --Richard
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20110619/84e801c3/attachment.html>
More information about the HTTPS-everywhere
mailing list