W3C home > Mailing lists > Public > public-web-security@w3.org > January 2011

Re: XSS mitigation in browsers

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Sat, 22 Jan 2011 00:59:49 -0800
Message-ID: <AANLkTin6TTqq+D4GvDAZ3gW5t3aqUMVnT+ULRWnMCZUE@mail.gmail.com>
To: Gervase Markham <gerv@mozilla.org>
Cc: Michal Zalewski <lcamtuf@coredump.cx>, gaz Heyes <gazheyes@gmail.com>, Giorgio Maone <g.maone@informaction.com>, Daniel Veditz <dveditz@mozilla.com>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org, Lucas Adamski <ladamski@mozilla.com>
> If the CSP policy disables all script, how will the script run which detects
> the event of a policy violation and reports it?

Don't do that :). I mean, that is a problem with Adam's original proposal too.


> Gerv
Received on Saturday, 22 January 2011 09:00:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:18 UTC