Skip to content
This repository has been archived by the owner on Mar 13, 2018. It is now read-only.

<core-style> should use an element that parses in plain text mode #5

Open
tjsavage opened this issue Jul 31, 2014 · 0 comments
Open
Labels

Comments

@tjsavage
Copy link

ex.

<style is="core-style" type="polymer/style">
    .span::before { content: "<script>alert(1)</script>"; }
</style>

Using today to do that will alert since it just has random HTML inside it which is both slower for the parser, and will interpret stuff inside it as tags. Instead it should work as above.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

2 participants