- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 20 Mar 2013 09:14:03 -0400
- To: Mike West <mkwst@google.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, "dveditz@mozilla.com" <dveditz@mozilla.com>, Adam Barth <w3c@adambarth.com>, "Hill, Brad" <bhill@paypal-inc.com>
On Tue, Mar 19, 2013 at 10:29 AM, Mike West <mkwst@google.com> wrote: > I've updated the spec in > https://dvcs.w3.org/hg/content-security-policy/rev/06d7091e7531 and > https://dvcs.w3.org/hg/content-security-policy/rev/5ad7f5b58dc0. Hopefully > that makes things a little less vague and strange. Thanks again, Anne, for > the pointers! So it's completely unclear when this event is dispatched. What task source is used, how does it relate to other events that fire when the violation occurs, etc. I have the feeling the right long term solution is tight integration with http://fetch.spec.whatwg.org/ to solve problems such as this. I don't have an immediate suggestion on how to fix this, but I think we should at least point out in the specification that this is not considered. -- http://annevankesteren.nl/
Received on Wednesday, 20 March 2013 13:14:34 UTC