> By "exploitable" you mean "it might be possible to work around the
> CSP restrictions on a case-by-case basis and continue exploiting
> some of the sites that are already exploitable without CSP
> protection," right?
>
> CSP isn't adding any exploits. Like condoms it may not provide 100%
> protection against infection.

Yes, of course. But I think as-is, origin scoping will fail in unexpected ways on many real-world sites.

> Is that enough to knock this troll back under the bridge?

That's a lot of effort, yes ;-) I do disagree with some points, and some are applicable only if you make the decoupling mandatory, but I wasn't seriously trying to derail the discussion, so let's leave it at that. (If I were to suggest improvements to CSP, that wouldn't be in the top 10.)

/mz

Received on Thursday, 1 September 2011 02:54:42 GMT