Re: [Content Security Policy] Proposal to move the debate forward

From: Daniel Veditz <dveditz@mozilla.com>
Date: Thu, 27 Jan 2011 11:11:23 -0800
Message-ID: <4D41C35B.5000003@mozilla.com>
To: Adam Barth <w3c@adambarth.com>
CC: Michal Zalewski <lcamtuf@coredump.cx>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org

On 1/27/11 11:05 AM, Adam Barth wrote:
> On Thu, Jan 27, 2011 at 10:35 AM, Daniel Veditz <dveditz@mozilla.com> wrote:
>> Borderline: favicons aren't "in" the page, but if you're worried
>> about exfiltration then it's a problem that they are linked to by
>> the page.
> 
> I don't think we'll ever be able to stop exfiltration.  IMHO, worrying
> about exfiltration is just a distraction.

I tend to agree, which is why the current CSP ignores favicons.

Received on Thursday, 27 January 2011 19:12:05 GMT