- From: Gervase Markham <gerv@mozilla.org>
- Date: Sat, 22 Jan 2011 08:29:07 +0000
- To: Michal Zalewski <lcamtuf@coredump.cx>
- CC: Adam Barth <w3c@adambarth.com>, public-web-security@w3.org

On 21/01/11 22:44, Michal Zalewski wrote:
> 3) Allowing inline scripts guarded by policy-specified nonce tokens
> (<meta> says "inline-script-token=$random", inline scripts have
> <script token="$previously_specified_random">...</script>). This
> eliminates one of the most significant issues with deploying CSP or
> this proposal on sites that are extremely concerned about the overhead
> of extra HTTP requests; for example, much of *.google.com is subject
> to such concerns.

http://www.gerv.net/security/script-keys/

Gerv

Received on Saturday, 22 January 2011 08:29:44 UTC
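
The token check described in the quoted point 3, modelled as an added example; it is not part of the original message and not any browser's implementation. Only the `inline-script-token=` directive and the `token` attribute come from the message; the `<meta name="script-policy">` carrier, the first-policy-wins rule, and all function names are assumptions.

```python
import hmac
import secrets
from html.parser import HTMLParser

POLICY_KEY = "inline-script-token="  # directive text as quoted in the message

def render_page(inline_js, untrusted_html):
    """Server side: mint a fresh token per response and tag trusted inline scripts."""
    token = secrets.token_urlsafe(16)
    # Assumption: the policy travels in a <meta> content attribute (name is hypothetical).
    # untrusted_html is inserted unescaped on purpose, to model an HTML injection bug.
    return token, (
        f'<meta name="script-policy" content="{POLICY_KEY}{token}">'
        f'<script token="{token}">{inline_js}</script>'
        f"<div>{untrusted_html}</div>"
    )

class TokenPolicyChecker(HTMLParser):
    """Model of the user-agent side: an inline script runs only if its token matches."""

    def __init__(self):
        super().__init__()
        self.policy_token = None
        self.decisions = []  # one (allowed, token attribute seen) pair per inline script

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        content = attrs.get("content") or ""
        if tag == "meta" and content.startswith(POLICY_KEY):
            # Assumption: first policy wins, so injected markup cannot replace the token.
            if self.policy_token is None:
                self.policy_token = content[len(POLICY_KEY):]
        elif tag == "script" and "src" not in attrs:
            seen = attrs.get("token") or ""
            # This model treats a missing policy as "block"; comparison is constant-time.
            allowed = bool(self.policy_token) and hmac.compare_digest(
                seen.encode(), self.policy_token.encode())
            self.decisions.append((allowed, seen))

def check(html):
    """Return the allow/block decision for every inline script in the page."""
    checker = TokenPolicyChecker()
    checker.feed(html)
    return checker.decisions

if __name__ == "__main__":
    # Constructed input: one trusted script plus two injected ones without the token.
    _, page = render_page("init();", '<script>a()</script><script token="guess">b()</script>')
    print(check(page))
```

Because the token is regenerated for every response, injected markup that cannot read the page's `<meta>` value has nothing valid to copy into its own `token` attribute.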