Re: Unofficial Draft of Content Security Policy from Collin Jackson on 2011-03-07 (public-web-security@w3.org from March 2011)

From: Collin Jackson <collin.jackson@sv.cmu.edu>
Date: Sun, 6 Mar 2011 22:14:28 -0800
To: Brandon Sterne <bsterne@mozilla.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <AANLkTinBz8CPkB9uesTN6cM02g=LZ=BPwYpO=b-s_VuH@mail.gmail.com>

In Section 3.2, I don't think an empty policy should be a processing error
(it should just be ignored), but if you do want to consider it an
error, then I think the safest and most reasonable thing to do is not to
render the document at all.

On Thu, Mar 3, 2011 at 10:17 AM, Brandon Sterne <bsterne@mozilla.com> wrote:

> Hello all,
>
> Apologies for the delays in getting this published.  You can find the
> first Unofficial Draft of the Content Security Policy specification here:
>
> https://dvcs.w3.org/hg/content-security-policy/raw-file/bcf1c45f312f/csp-unofficial-draft-20110303.html
>
> I hope you will find the new format well-organized and reflective of our
> discussion so far.  While this document will likely remain in Unofficial
> Draft status until we get our charter reviewed and accepted, in the
> meantime this it should provide a good basis for further discussions.  I
> look forward to receiving your feedback.
>
> Best,
> Brandon
>
>

Received on Monday, 7 March 2011 06:16:57 UTC