Re: [Content Security Policy] Proposal to move the debate forward

From: gaz Heyes <gazheyes@gmail.com>
Date: Thu, 27 Jan 2011 22:52:10 +0000
Message-ID: <AANLkTimFcShxHxLT1OOwo1g-M-nDqEB0KryWjytGCwjA@mail.gmail.com>
To: Michal Zalewski <lcamtuf@coredump.cx>
Cc: Devdatta Akhawe <dev.akhawe@gmail.com>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org

On 27 January 2011 22:42, Michal Zalewski <lcamtuf@coredump.cx> wrote:

> Many people proposed this, and it's a superior alternative on many
> counts, but I think that nobody figured out a nice way to do this that
> would be at least sort-of XML-compatible - and that's a
> deal-breaker...
>

You've lost me there. Why could it not be made compatible with XML?
All you need is a start and end; it doesn't matter the format. Once a start
and end is defined, the parser would start looking for the tokens first, and
any invalid injections inside could be removed or prevented from overlapping
with other markers.
Received on Thursday, 27 January 2011 22:52:42 GMT