review of Content Security Policy Level 2

I read through the Content Security Policy Level 2 [1] draft.  While I didn't see anything that is obviously an accessibility concern in this spec, there are a few questions I would like to ask the working group.

Accessibility tools operate on internet content as:

1.       Native OS software that uses an OS API to access content.  In this case, the browser implements this API.

2.       Proxies and frames such as webanywhere [2]

3.       Browser plug-ins extensions and add-ons that enhance browser functionality.  For example, the headingmap add-on for firefox [3]

How would each of these be impacted for a site using Content Security Policy Level 2?  In particular, how would the connect-src, frame-ancestors, and referrer directives impact webanywhere?  How would the sript-src and plugin-type  directives impact an add-in like headingmap?

It is also possible that a user could specify and alternate plug-in for a media type, using a plug-in with better accessibility.  I have not seen this in practice, so I don't know if it's a concern here.  Other PF people, do you know of AT that works like this?  If it is in use in the real world, then the plugin-types directive could also impact that.

[1] http://www.w3.org/TR/2014/WD-CSP2-20140703/
[2] http://webinsight.cs.washington.edu/papers/webanywhere-html/
[3] https://addons.mozilla.org/en-US/firefox/addon/headingsmap/

Received on Wednesday, 6 August 2014 22:42:22 UTC