Re: CSP - Prevent DOM XSS only? from gaz Heyes on 2012-12-11 (public-web-security@w3.org from December 2012)

From: gaz Heyes <gazheyes@gmail.com>
Date: Tue, 11 Dec 2012 11:12:27 +0000
To: "Eduardo' Vela" <evn@google.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>, Adam Barth <w3c@adambarth.com>
Message-ID: <CADJi-imhbkQ6o4sOzdYF7=6dH5uOQHNfh0gsxCtAzoX+FuaPPQ@mail.gmail.com>

On 10 December 2012 20:44, Eduardo' Vela <evn@google.com> wrote:

> Well, mostly because we can define this as a policy to a large set of
> products without having to include a large JS file rather than a hack with
> the JS environment :)
>

Who said the js file has to be large :P this is what hacking is for.

Received on Tuesday, 11 December 2012 11:13:29 UTC