Hi there,
We noticed that this library was removing links in `href`/`src` where there was no protocol.
However, the same doesn't apply to links in `url()` in `style` attributes on a `background-image`, for example.
Why is that?
Is there a security risk involving the need for a protocol? If so, why does it not apply to `url()` too?
If not, why is the protocol required in one place but not the other?
Thanks