* rektide <rekt...@voodoowarez.com> wrote:
4. Whitelisting seems fundamentally 'anti-web' by enforcing only what is out there already.
In theory, you're right. But in practice allowing everything except blacklisted protocols is simply too scary, and we're not going to implement anything like that. For content types, we rely on a dynamic blacklist based on which content types the browser knows of already. That's slightly more reassuring, but still scary. I'm sure we've missed something, somewhere. -- Wilhelm Joys Andersen Core, Opera Software
