W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2012

webappsec-ISSUE-17 (Extension compat): CSP should take into account extensions which modify content

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Tue, 11 Sep 2012 03:23:16 +0000
Message-Id: <E1TBH4G-00057P-2V@tibor.w3.org>
To: public-webappsec@w3.org
webappsec-ISSUE-17 (Extension compat): CSP should take into account extensions which modify content

http://www.w3.org/2011/webappsec/track/issues/17

Raised by: Brad Hill
On product: 

Last Call comment by Fred Andrews:

http://lists.w3.org/Archives/Public/public-webappsec/2012Sep/0013.html

The approach the proposal takes fails to take into account extensions run on the client that modify and manipulate the application document.  Until there is a comprehensive solution that takes this reality into account this proposal is applicable only to a subset of locked down clients and thus it does not appear worthy of standardization at this stage.
Received on Tuesday, 11 September 2012 03:23:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 11 September 2012 03:23:17 GMT