Ditch SCRIPT_ELEMENT_NOT_ALLOWED ?

Question

Ditch SCRIPT_ELEMENT_NOT_ALLOWED ?

flukeout opened this issue 7 years ago · comments

This is outdated, correct?

Pomax · Answer 1 · Tue Oct 17 2017 00:26:09 GMT+0800 (China Standard Time)

It should be - this is from before we had a separate preview domain, which allowed someone to craft some sneaking JS that would read in document.cookies =)