W3C home > Mailing lists > Public > public-web-security@w3.org > December 2011

Re: CSP and PostMessage?

From: Daniel Veditz <dveditz@mozilla.com>
Date: Mon, 19 Dec 2011 16:45:22 -0800
Message-ID: <4EEFDAA2.9070409@mozilla.com>
To: sird@rckc.at
CC: Eduardo Vela <sirdarckcat@gmail.com>, gaz Heyes <gazheyes@gmail.com>, Devdatta Akhawe <dev.akhawe@gmail.com>, public-web-security@w3.org
On 12/19/11 1:01 AM, Eduardo Vela wrote:
> Is data exfiltration still a concern for CSP?
> 
> If not, then why xhr-src is there?

XHR is covered (under the new name 'connect-src' along with
EventSource and WebSockets) because it's a source of data used by
the page.
Received on Tuesday, 20 December 2011 00:46:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 20 December 2011 00:46:14 GMT