W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2012

Re: CSP 1.1: More granular source list definitions.

From: Odin Hørthe Omdal <odinho@opera.com>
Date: Wed, 04 Jul 2012 10:44:01 +0200
To: public-webappsec@w3.org
Message-ID: <op.wgwyjnsv49xobu@odinho-fido.oslo.osa>
On Tue, 03 Jul 2012 21:23:08 +0200, Mike West <mkwst@google.com> wrote:
> Given that history, we might have success at preparing the way for  
> granularity in 1.1 by adding a warning to 1.0 implementations now,  
> noting that the path component is being ignored. That would be  
> lighter-weight than a version component.

Yeah, printing out a warning in the console might help restraining the  
craziness that is the web a bit. However, as said, it's a wild web out  
there, so I'd rather err on the side of not really waiting that long.

If we could flesh out how we'd like this to behave, and ready things for  
the CSP 1.1 draft, (or even make a branch for it now), I would at least be  
interested in Opera implementing support for the path component straight  
away if we were to do CSP right now.

There are things that are more important than rubber stamped version  
numbers ;-)

-- 
Odin Hørthe Omdal (Velmont/odinho) · Core, Opera Software, http://opera.com
Received on Wednesday, 4 July 2012 08:44:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 4 July 2012 08:44:39 GMT