Re: [HTML imports]: Imports and Content Security Policy from Nick Krempel on 2014-01-10 (public-webapps@w3.org from January to March 2014)

From: Nick Krempel <ndkrempel@google.com>
Date: Fri, 10 Jan 2014 13:51:21 +0000
To: Hajime Morrita <morrita@google.com>
Cc: Frederik Braun <fbraun@mozilla.com>, public-webapps <public-webapps@w3.org>, Gabor Krizsanits <gkrizsanits@mozilla.com>
Message-ID: <CAGu+aDeSbZ+wRsw3YZm8e9VBoeF_HqCn4OD=K3HMvT8pq3Gg1A@mail.gmail.com>

To clarify: your example is supposed to be an attack on imported.com, not
example.com (we can assume the attacker has control over example.com)?

Nick

Received on Friday, 10 January 2014 13:51:50 UTC