W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: JavaScript URLs and script-src nit

From: Daniel Veditz <dveditz@mozilla.com>
Date: Fri, 18 Feb 2011 21:33:19 -0800
Message-ID: <4D5F561F.5050007@mozilla.com>
To: public-web-security@w3.org
On 2/18/11 9:19 PM, Collin Jackson wrote:
> It's confusing to have some
> security features that are on by default and others that you have to
> turn on manually. The empty policy should have no effect.

How is it much different than specifying different DOCTYPES in an
HTML document and triggering different quirks/standards modes in
browsers?

Why would anyone want to send a header that had no effect?

-Dan Veditz
Received on Saturday, 19 February 2011 05:34:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 19 February 2011 05:34:01 GMT