W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2012

Re: CSP violations introduced by Addons / Extensions

From: Dan Veditz <dveditz@mozilla.com>
Date: Fri, 26 Oct 2012 15:37:33 -0700
Message-ID: <508B10AD.5020505@mozilla.com>
To: Ingo Chao <ichaocssd@googlemail.com>
CC: Mike West <mkwst@google.com>, Eduardo' Vela <evn@google.com>, public-webappsec@w3.org
On 10/25/12 12:24 AM, Ingo Chao wrote:
> Without the violation report for extensions/addons, monitoring loses
> the chance to highlight risks coming from injected scripts.

You mean you, as a site author, want to be informed when an extension 
has injected content whether the extension wants to be identified or 
not? That's the exact opposite of what Fred Andrews was requesting.

-Dan Veditz
Received on Friday, 26 October 2012 22:38:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 26 October 2012 22:38:03 GMT