Re: More on XSS mitigation (was Re: XSS mitigation in browsers) from Adam Barth on 2011-01-22 (public-web-security@w3.org from January 2011)

From: Adam Barth <w3c@adambarth.com>
Date: Fri, 21 Jan 2011 19:42:17 -0800
To: Daniel Veditz <dveditz@mozilla.com>
Cc: Michal Zalewski <lcamtuf@coredump.cx>, public-web-security@w3.org
Message-ID: <AANLkTimbdCnCDK42eqnj_6VQKxJTe1t_L1EEPUNDkT73@mail.gmail.com>

On Fri, Jan 21, 2011 at 6:21 PM, Daniel Veditz <dveditz@mozilla.com> wrote:
> I'd be perfectly happy to add [...]
[...]
> That can be added to CSP quite easily [...]

I guess, from my perspective, the more interesting discussion is about
what to remove, not about what to add.  My main sadness about CSP is
that it is too large and too complex.  Adding more bells and whistles
exacerbates that sadness.

Adam

Received on Saturday, 22 January 2011 03:43:23 UTC