- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Fri, 21 Jan 2011 20:10:48 -0800
- To: Adam Barth <w3c@adambarth.com>
- CC: Michal Zalewski <lcamtuf@coredump.cx>, public-web-security@w3.org
On 1/21/11 7:42 PM, Adam Barth wrote: > On Fri, Jan 21, 2011 at 6:21 PM, Daniel Veditz <dveditz@mozilla.com> wrote: >> I'd be perfectly happy to add [...] > [...] >> That can be added to CSP quite easily [...] > > I guess, from my perspective, the more interesting discussion is about > what to remove, not about what to add. My main sadness about CSP is > that it is too large and too complex. Adding more bells and whistles > exacerbates that sadness. "bells and whistles"? Those seemed to be main points of your counter-proposal. They weren't things you were proposing to remove from CSP, they were things both proposals do that you wanted done differently. At least the <meta> point was. Lacking context I'm guessing the other snip was in response to mz's URI vs origin suggestion. That's not something I want to add, but the syntax is purposefully flexible and if consensus says that's a better granularity for control there's no reason CSP couldn't do that. -Dan Veditz
Received on Saturday, 22 January 2011 04:11:58 UTC