W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: CSP : inline functions ?

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Fri, 25 Feb 2011 09:56:30 -0800
Message-ID: <AANLkTinYRoBVEGe9xj95c99ThnsiCBTiLNsR3r+npNy1@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: public-web-security@w3.org

>
>  <mytag id="sql_stuff" value="<PHP-code-here>" />
>
> then later in script (externally loaded, static)
>
>  foo(document.getElementById("sql_stuff").getAttribute("value"))
>

This is really slow compared to a direct call.

-devdatta



> -Dan Veditz
>

Received on Friday, 25 February 2011 17:58:24 GMT

This message: [ Message body ]
Next message: sird@rckc.at: "Re: CSP : inline functions ?"
Previous message: Daniel Veditz: "Re: CSP : inline functions ?"
In reply to: Daniel Veditz: "Re: CSP : inline functions ?"
Next in thread: sird@rckc.at: "Re: CSP : inline functions ?"
Reply: sird@rckc.at: "Re: CSP : inline functions ?"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 25 February 2011 17:58:26 GMT