W3C home > Mailing lists > Public > public-web-security@w3.org > January 2011

Re: [Content Security Policy] Proposal to move the debate forward

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 27 Jan 2011 16:12:32 -0500
Message-ID: <4D41DFC0.4090502@mit.edu>
To: Adam Barth <w3c@adambarth.com>
CC: Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org
On 1/27/11 3:39 PM, Adam Barth wrote:
> I'm not that excited about these features.  Maybe I don't understand
> the use cases sufficiently, but the benefits from these features seem
> outweighed by their complexity.  For example, what is the use case for
> being able to restrict font-src?

One that comes to mind to me is a site with user-contributed content 
where you want them to allow to style things some, and have a font 
library they can use, but don't want them to link to arbitrary other 
sites for the fonts.  I agree that this doesn't seem all that important 
so far.

Again, the XHR thing is more important than the others, from what I can 
tell.

-Boris
Received on Thursday, 27 January 2011 21:13:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 27 January 2011 21:13:38 GMT