W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2012

Re: unsafe-inline for style-src

From: Giorgio Maone <g.maone@informaction.com>
Date: Thu, 20 Sep 2012 20:40:34 +0200
Message-ID: <505B6322.9080608@informaction.com>
To: Boris Zbarsky <bzbarsky@MIT.EDU>
CC: Adam Barth <w3c@adambarth.com>, Mike West <mkwst@google.com>, public-webappsec@w3.org
On 20/09/2012 20:30, Boris Zbarsky wrote:
> On 9/20/12 2:16 PM, Adam Barth wrote:
>> Maybe it only works for data that's been pre-filled into input@value ?
> 
> It would work for that, yes.

...like most CSRF tokens.

-- G
Received on Thursday, 20 September 2012 18:40:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 20 September 2012 18:40:54 GMT