- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Wed, 27 Feb 2013 19:28:14 -0800
- To: Alex Russell <slightlyoff@google.com>
- Cc: Adam Barth <w3c@adambarth.com>, Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Michal Zalewski <lcamtuf@google.com>
> This isn't just about scripts; it affects forms, images, and every other > sort of network behavior. My point was that web application authors opt-in to XSS protection only when they specify a script-src. In the absence of script-src, we are in XSS world, not post-xss. --dev
Received on Thursday, 28 February 2013 03:29:05 UTC