Skip to content

list forbidden attributes #587

Answered by boutell
mlarcher asked this question in Q&A
Dec 7, 2022 · 2 comments · 1 reply
Discussion options

You must be logged in to vote

I think it is the other way around: there are too many attributes out there that can embed JavaScript, etc. for a "forbidden list" to ever really be safe. Or it could be safe for a day and then a new attribute pops up in some browsers. Always use an allowed list.

Replies: 2 comments 1 reply

Comment options

You must be logged in to vote
1 reply
@mlarcher
Comment options

Answer selected by boutell
Comment options

You must be logged in to vote
0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants