W3C home > Mailing lists > Public > public-web-security@w3.org > December 2012

Re: CSP - Prevent DOM XSS only?

From: gaz Heyes <gazheyes@gmail.com>
Date: Tue, 11 Dec 2012 11:12:27 +0000
Message-ID: <CADJi-imhbkQ6o4sOzdYF7=6dH5uOQHNfh0gsxCtAzoX+FuaPPQ@mail.gmail.com>
To: "Eduardo' Vela" <evn@google.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>, Adam Barth <w3c@adambarth.com>
On 10 December 2012 20:44, Eduardo' Vela <evn@google.com> wrote:

> Well, mostly because we can define this as a policy to a large set of
> products without having to include a large JS file rather than a hack with
> the JS environment :)
>

Who said the js file has to be large :P this is what hacking is for.
Received on Tuesday, 11 December 2012 11:13:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 11 December 2012 11:13:30 GMT