Re: [Content Security Policy] Proposal to move the debate forward

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Mon, 31 Jan 2011 02:28:52 -0800
Message-ID: <AANLkTin=652DYHX8ULm0QTS-Z0x_sG1oDn5MJE5X+UUy@mail.gmail.com>
To: Gervase Markham <gerv@mozilla.org>
Cc: Brandon Sterne <bsterne@mozilla.com>, gaz Heyes <gazheyes@gmail.com>, public-web-security@w3.org
> Caching on shared proxies is more of an issue, true.

Actually, I'm on crack, it isn't. Even though this allows user A to
see the token that will be returned on the page for user B, there is
also no way to retroactively inject content there.

/mz
Received on Monday, 31 January 2011 10:29:48 GMT
