Re: [Content Security Policy] A more modular approach

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Wed, 2 Feb 2011 09:50:19 -0500
Message-ID: <AANLkTik+77jA9d45do1vqSXKgeDn8F_hOfa5i16X70C=@mail.gmail.com>
To: Gervase Markham <gerv@mozilla.org>
Cc: Adam Barth <w3c@adambarth.com>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org

On Wed, Feb 2, 2011 at 4:37 AM, Gervase Markham <gerv@mozilla.org> wrote:
> It does, but what needs to be clear is the message to web developers. And I
> think it can be clear:
>
> "_Assume_ that everything not more specifically specified is covered by
> default-src."

Are you implying that a nontrivial number of web developers actually
read specifications, rather than copy-pasting code from somewhere and
testing in their favorite browser to make sure it works?  The reason
we need interoperability in web standards is because people don't read
specs and usually don't test in more than a couple of browsers, and we
want their page to still work in other browsers.

Received on Wednesday, 2 February 2011 15:06:57 GMT
