Re: object-src and plugins with no URLs

What if we added a source keyword 'local' to allow such content?

It could work in the case of a plugin, e.g. Google Gears, that doesn't
make requests for content, and could also potentially be used in other
directives once the Device API WG adds access to webcams and other local
resources (although we may want more granularity than a single keyword
since the risk profiles of webcam vs. Gears plugin are arguably much
different).

-Brandon


On 08/04/2011 05:29 PM, Adam Barth wrote:
> How should object-src 'self' (for example) interact with the following
> object tag?
> 
> <object type="application/x-plugin-that-does-not-make-any-http-requests"></object>
> 
> What about object-src * and object-src 'none'?
> 
> Adam
> 

Received on Monday, 8 August 2011 16:17:16 UTC