- From: Michael A. Peters <mpeters@shastaherps.org>
- Date: Tue, 14 Jun 2011 00:28:13 -0700
- To: Shelley Powers <shelleyp@burningbird.net>
- CC: public-html-comments@w3.org
Shelley Powers wrote: > I found the WhatWG discussion, if you can call it that. > > http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-June/032023.html > > What are the procedures in place to control change during Last Call? > > > Shelley > For what it is worth, I don't think the content of the html document is the place for security restrictions. It is better to do it via something like FireFox's "Content Security Policy" proposal, though I'm not sure if it currently covers ensuring mime types of served object match the object description. http://people.mozilla.com/~bsterne/content-security-policy/
Received on Tuesday, 14 June 2011 07:29:03 UTC