
Re: [Content Security Policy] Proposal to move the debate forward

From: gaz Heyes <gazheyes@gmail.com>
Date: Mon, 31 Jan 2011 10:36:46 +0000
Message-ID: <AANLkTimQERxYSV1MexuXyBp3My1Sf4zi+B1vHtUH1ZHD@mail.gmail.com>
To: Gervase Markham <gerv@mozilla.org>
Cc: public-web-security@w3.org

Ok I've thought about this, IMO here is what you need:-

1) Policy editor. An online/offline editor to create policy scripts with a
nice UI.
2) Validator. You need to validate policies, so we know what they are doing
instead of thinking we know what they're doing. Should CSP refuse to load
sites with invalid policies or syntax errors? I think yes.
3) English translator. It will read the policy you have created and tell you
in plain English what it does.

Then I don't mind what syntax you have and I don't have to understand it :)
Received on Monday, 31 January 2011 10:37:20 GMT
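
A minimal sketch of items 2 and 3 in the message above (a validator and a plain-English translator), added here as an illustration; it is not part of the original email or of any CSP implementation. It assumes a subset of today's standardized CSP directive syntax, which differs from the 2011 draft under discussion, and `check_policy`, `enforce` and the sample hosts are hypothetical.

```python
import re

# Subset of fetch directives from today's CSP syntax (assumption: the 2011 draft differed).
DIRECTIVES = {"default-src": "anything not covered by another directive",
              "script-src": "scripts", "style-src": "stylesheets",
              "img-src": "images", "connect-src": "XHR/fetch/WebSocket connections",
              "frame-src": "frames", "object-src": "plugins"}
KEYWORDS = {"'self'": "the page's own origin", "'none'": "nowhere",
            "'unsafe-inline'": "inline code in the page (weakens XSS protection)",
            "'unsafe-eval'": "eval()-style string-to-code (weakens XSS protection)"}
# Simplified scheme-source / host-source grammar, enough for this demo.
SOURCE = re.compile(r"^(\*|[a-z][a-z0-9+.-]*:|([a-z][a-z0-9+.-]*://)?(\*\.)?[a-z0-9-]+(\.[a-z0-9-]+)*(:(\d+|\*))?(/\S*)?)$", re.I)

def check_policy(policy):
    """Return (errors, english) for one policy string."""
    errors, english, seen = [], [], set()
    for raw in policy.split(";"):
        tokens = raw.split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        if name not in DIRECTIVES:
            errors.append(f"unknown directive '{name}'")
            continue
        if name in seen:
            errors.append(f"duplicate directive '{name}'")
            continue
        seen.add(name)
        described = []
        for src in sources:
            if src.lower() in KEYWORDS:
                described.append(KEYWORDS[src.lower()])
            elif f"'{src.lower()}'" in KEYWORDS:
                # A bare `self` parses as a host name, not as the keyword.
                errors.append(f"{name}: keyword {src} must be quoted as '{src}'")
            elif SOURCE.match(src):
                described.append("any origin" if src == "*" else src)
            else:
                errors.append(f"{name}: invalid source '{src}'")
        english.append(f"Allow {DIRECTIVES[name]} from: " + (", ".join(described) or "nowhere"))
    return errors, english

def enforce(policy):
    """Fail closed: an invalid policy yields an error, never a partial policy."""
    errors, english = check_policy(policy)
    if errors:
        raise ValueError("; ".join(errors))
    return english
```

The English output is only trustworthy when `errors` is empty, which is why `enforce` refuses a policy with any error instead of returning a partial description.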
