W3C home > Mailing lists > Public > public-web-security@w3.org > January 2011

Re: More on XSS mitigation (was Re: XSS mitigation in browsers)

From: Adam Barth <w3c@adambarth.com>
Date: Fri, 21 Jan 2011 19:42:17 -0800
Message-ID: <AANLkTimbdCnCDK42eqnj_6VQKxJTe1t_L1EEPUNDkT73@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: Michal Zalewski <lcamtuf@coredump.cx>, public-web-security@w3.org
On Fri, Jan 21, 2011 at 6:21 PM, Daniel Veditz <dveditz@mozilla.com> wrote:
> I'd be perfectly happy to add [...]
[...]
> That can be added to CSP quite easily [...]

I guess, from my perspective, the more interesting discussion is about
what to remove, not about what to add.  My main sadness about CSP is
that it is too large and too complex.  Adding more bells and whistles
exacerbates that sadness.

Adam
Received on Saturday, 22 January 2011 03:43:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 22 January 2011 03:43:24 GMT