W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: [Content Security Policy] A more modular approach

From: Lucas Adamski <ladamski@mozilla.com>
Date: Fri, 04 Feb 2011 12:53:07 -0800
Message-ID: <4D4C6733.4010102@mozilla.com>
To: public-web-security@w3.org
No they don't.  But there are many other actors in play.. blogs, how-to
guides, magazines, books.  The authors of which can and do see their
responsibility as translating specs into things web developers and
admins can use.

On 2/2/2011 6:50 AM, Aryeh Gregor wrote:
> On Wed, Feb 2, 2011 at 4:37 AM, Gervase Markham <gerv@mozilla.org> wrote:
>> It does, but what needs to be clear is the message to web developers. And I
>> think it can be clear:
>> "_Assume_ that everything not more specifically specified is covered by
>> default-src."
> Are you implying that a nontrivial number of web developers actually
> read specifications, rather than copy-pasting code from somewhere and
> testing in their favorite browser to make sure it works?  The reason
> we need interoperability in web standards is because people don't read
> specs and usually don't test in more than a couple of browsers, and we
> want their page to still work in other browsers.
Received on Friday, 4 February 2011 20:53:38 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:18 UTC