Skip to content

Data URLs are not allowed to open top-level browsing contexts #1238

New issue
New issue
Closed
Closed
Data URLs are not allowed to open top-level browsing contexts#1238
Labels
spec: EPUB 3.3Impacting the support of EPUB 3.3status: completedWork completed, can be closed
Milestone
v5.0.0-beta
@mattgarrish

Description

@mattgarrish
mattgarrish
opened on Apr 19, 2021

Data URLs are forbidden from

  • manifest items
  • href attributes in svg and html (except when the document is loaded inside an iframe)

It's also technically forbidden from script window.open and document.open calls, but not sure we can enforce.

Metadata

Metadata

Assignees

No one assigned

    Labels

    spec: EPUB 3.3Impacting the support of EPUB 3.3status: completedWork completed, can be closed

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions