
Re: [webappsec] for afternoon F2F discussion, proposed CSP 1.1 JSONP directive

From: Daniel Veditz <dveditz@mozilla.com>
Date: Wed, 02 May 2012 15:39:10 -0700
Message-ID: <4FA1B78E.4080702@mozilla.com>
To: Michal Zalewski <lcamtuf@coredump.cx>
CC: "Hill, Brad" <bhill@paypal-inc.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

On 5/2/12 12:39 PM, Michal Zalewski wrote:
> I think this is more elegantly solved by allowing full URL or possibly
> path scoping as an alternative to origin scoping for existing CSP
> directives.

That was also proposed and there was much more support to address
that in a near-future revision of CSP than the proposed JSONP
directive. In fact we are probably going to adjust our 1.0
syntax/parsing rules so that we can more easily extend it in 1.1
without breaking existing 1.0-supporting clients.

-Dan Veditz
Received on Wednesday, 2 May 2012 22:39:47 GMT
