W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: Content Security Policy and iframe@sandbox

From: gaz Heyes <gazheyes@gmail.com>
Date: Sun, 13 Feb 2011 20:53:11 +0000
Message-ID: <AANLkTikX__MnPvZGrrSQq6puUOKx0Ex0=9tCBfTcM6ih@mail.gmail.com>
To: "sird@rckc.at" <sird@rckc.at>
Cc: Adam Barth <w3c@adambarth.com>, "Steingruebl, Andy" <asteingruebl@paypal-inc.com>, "public-web-security@w3.org" <public-web-security@w3.org>
On 13 February 2011 12:23, sird@rckc.at <sird@rckc.at> wrote:

> I don't think an attribute called policy is the best solution, but I think
> something in that direction (being able to specify a CSP from an iframe)
> would solve that problem.
>

Nope defo not an attribute policy, an attacker could use this to their
advantage
Received on Sunday, 13 February 2011 20:53:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 13 February 2011 20:53:44 GMT