W3C home > Mailing lists > Public > public-web-security@w3.org > December 2011

Re: Proposed directive for CSP.next: "no-user-js"

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 14 Dec 2011 17:12:20 -0500
Message-ID: <4EE91F44.7020608@mit.edu>
To: public-web-security@w3.org
On 12/14/11 5:08 PM, Brandon Sterne wrote:
> I propose that we add a new directive, no-user-js, which would cause the user-agent to disable functionality that allows the user to run JavaScript in the context of the page.  This would include the location bar as well as any other place that provides equivalent functionality.  This would NOT affect view-source or any other introspective, or "read-only" functionality.

Would this affect developer tools?

Would this affect something like Greasemonkey?

-Boris
Received on Wednesday, 14 December 2011 22:20:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 14 December 2011 22:20:16 GMT