W3C home > Mailing lists > Public > public-web-security@w3.org > March 2011

Re: script-src requirements

From: Brandon Sterne <bsterne@mozilla.com>
Date: Mon, 28 Mar 2011 13:24:29 -0700
Message-ID: <4D90EE7D.4090808@mozilla.com>
To: Adam Barth <w3c@adambarth.com>
CC: public-web-security@w3.org 
On 03/27/2011 04:48 PM, Adam Barth wrote:
> IMHO, we should phrase the resource-loading requirements for CSP in
> terms of HTML5's "fetch" apparatus:
> 
> http://www.whatwg.org/specs/web-apps/current-work/#fetching-resources
> 
> For example, that's how CORS specifies how to handle cross-origin
> XMLHttpRequests:
> 
> http://www.w3.org/TR/access-control/

This is a good suggestion.  I've created a TODO item in my personal
issue tracker and should be able to address this in the next week or so.

Thanks,
Brandon

> Adam
>
Received on Monday, 28 March 2011 20:22:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 28 March 2011 20:22:26 GMT