W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: [Content Security Policy] A more modular approach

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Sat, 5 Feb 2011 19:18:29 -0500
Message-ID: <AANLkTimzZPnvvH4Jh8E8PT+P-MU+7jcxx-4NeF=oeYno@mail.gmail.com>
To: Lucas Adamski <ladamski@mozilla.com>
Cc: public-web-security@w3.org
On Fri, Feb 4, 2011 at 3:53 PM, Lucas Adamski <ladamski@mozilla.com> wrote:
> No they don't.  But there are many other actors in play.. blogs, how-to
> guides, magazines, books.  The authors of which can and do see their
> responsibility as translating specs into things web developers and
> admins can use.

Those sources will probably not copy over our warnings about things
that could theoretically go wrong, though.  At least judging by what
I've seen.  They'll mostly stick to practical advice like "This
feature will do X in browser A and Y in browser B", not "this feature
is theoretically defined to do anything from this range of things".
And lots of authors will learn by just copy-pasting without reading
any documentation at all.  We just don't have control over the message
web developers are going to get.  Web platform features need to work
the same in all browsers so that authors don't have to test in
different browsers -- that's the most painful part of web development
and is what we need to avoid wherever possible.
Received on Sunday, 6 February 2011 00:19:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 6 February 2011 00:19:23 GMT