Re: lcamtuf on the subtle/deadly problem with CSP

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Wed, 31 Aug 2011 21:53:53 -0700
Message-ID: <CALx_OUCVcU_1dM0q4GFfanfr=9FcU3ChXFXPJb4GB19-gRhoOg@mail.gmail.com>
To: "Hill, Brad" <bhill@paypal-inc.com>
Cc: Daniel Veditz <dveditz@mozilla.com>, Adam Barth <w3c@adambarth.com>, "sird@rckc.at" <sird@rckc.at>, "public-web-security@w3.org" <public-web-security@w3.org>

> The JSONP issue is one I've heard from multiple people, though, including CSP early adopters. Is it time to standardize a safer way to use JSONP?

Possibly, but what effect would it realistically have at this point?

/mz
Received on Thursday, 1 September 2011 04:54:49 GMT