RE: CSP syntax

> From: public-web-security-request@w3.org [mailto:public-web-security-request@w3.org] On Behalf Of gaz Heyes

> On 4 February 2011 12:31, gaz Heyes <gazheyes@gmail.com> wrote:

> Actually I have a better idea, a compiler. Write the policy in CSS/JSON, verify it then it compiles into a compact http header that is very 
> lightweight.

Again, with policies that are to visual inspection rather opaque, we risk repeating some of the same mistakes in the P3P world where people cut and paste compact P3P policies without any understanding of what they are doing.  This can be solved with tooling, it sure would be nice if a web browser and/or a web-based tool existed to clearly explain/expand what a P3P is telling you.  If that doesn't exist though, you end up with something that is prone to even more copy/paste problems.   

- Andy

Received on Friday, 11 February 2011 05:55:13 UTC