- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Fri, 10 Feb 2012 00:44:37 -0800
- To: Adam Barth <w3c@adambarth.com>
- CC: public-webappsec@w3.org, Renata Hodovan <hodovan@inf.u-szeged.hu>
I agree that it looks like this feature /should/ be governed by the img-src directive. In Firefox it looks like svg <use> gets a generic TYPE_OTHER on the load and therefore is only controlled by default-src. Seems like a bug to me. On 2/2/12 2:14 PM, Adam Barth wrote: > dveditz, > > Do you know how Firefox handles this kind of resource currently? > > Adam > > > 2012/2/1 Renata Hodovan <hodovan@inf.u-szeged.hu>: >> Hi All, >> >> my name is Renata Hodovan and I work on WebKit. I'd like to add external >> resource support to SVGUseElement. During this I faced a problem. We should >> rate this new resource under a Content-Security-Policy directive. So the >> question is which one should it belong to? Currently I added it to the image >> directive. Is it right? >> You can find the bug here: https://bugs.webkit.org/show_bug.cgi?id=12499 >> >> Thanks in advance, >> Reni >> >
Received on Friday, 10 February 2012 08:45:05 UTC