Item8256: Distinguish whether tags are seen in HEAD or BODY
Priority: Enhancement
Current State: No Action Required
Released In:
Target Release:
need to distinguish between script tags in the body and script tags in the HEAD. The crudest requirement is to double-check the filtering done by {AllowInlineScript} but there are other cases where the context may be important to the filtering (e.g. in varying the constraints on the URLs that can be used in the different contexts)
--
CrawfordCurrie - 26 Aug 2009
As discussed on IRC.
ADDTOHEAD
is going to allow topic editors to inject into the HEAD anyway.
--
PaulHarvey - 17 Sep 2009
Right. Without controls over the use of ADDTOHEAD, then relaxing the rule in the hEAD could result in disaster. So better not to do anything with this.
--
CrawfordCurrie - 17 Sep 2009