Canmove, confirm
1,448
edits
Changes
Note on remote PAC files
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Remote script injection.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Add-ons can use data-only APIs, but should never download and execute remote code, not even in the scope of a webpage. Any use of the <code><script></code> tag (like <code>createElement("script")</code>) needs to be carefully analyzed. Using remote [http://en.wikipedia.org/wiki/Proxy_auto-config PAC] files is not allowed.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | <code><browser></code> or <code><iframe></code> elements with no <code>type</code> attribute, used in privileged documents.
