Re: CSP violations introduced by Addons / Extensions

From: Ingo Chao <ichaocssd@googlemail.com>
Date: Mon, 29 Oct 2012 09:41:21 +0100
Message-ID: <CAAET60X76HyayEt8Hh7DgEfda1a-hwr6Z+Wf7yRMBxRikaaBSw@mail.gmail.com>
To: Dan Veditz <dveditz@mozilla.com>
Cc: Mike West <mkwst@google.com>, "Eduardo' Vela" <evn@google.com>, public-webappsec@w3.org

On Sat, Oct 27, 2012 at 12:37 AM, Dan Veditz <dveditz@mozilla.com> wrote:
> On 10/25/12 12:24 AM, Ingo Chao wrote:
>> Without the violation report for extensions/addons, monitoring loses
>> the chance to highlight risks coming from injected scripts.
> You mean you, as a site author, want to be informed when an extension has
> injected content whether the extension wants to be identified or not? That's
> the exact opposite of what Fred Andrews was requesting.
> -Dan Veditz

Yes. I am more concerned about the impact on privacy that an add-on may create.

Received on Monday, 29 October 2012 08:41:48 GMT