W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2014

Re: [CSP] Request to amend bookmarklet/extensions sentence in CSP1.1

From: Philip Constantinou <constantinou@gmail.com>
Date: Thu, 31 Jul 2014 18:30:55 -0700
Message-ID: <CADj+ZFib1HoGZVkKmxc0K87xS7308B=mooCECxoapdR4+gwwpg@mail.gmail.com>
To: public-webappsec@w3.org
Cc: mkwst@google.com, w3c@adambarth.com, dveditz@mozilla.com
Dear W3C CSP working group -

Evernote voices our strong opposition to the wording changes regarding
extensions and bookmarklets in CSP1.1 and our strong support of

http://lists.w3.org/Archives/Public/public-webappsec/2014Jul/0061.html.

Evernote provides a free web service to over 100 million users world wide.
We also provide browser extensions for Google Chrome, Safari, Internet
Explorer and Opera in addition to bookmarklets which are used on other user
agents. Additionally, we have ongoing development efforts on several mobile
browsers.

For example, the Evernote Web Clipper for Chrome is a top rated free
extension installed by over 3.4 million users.

We've built these extensions for the express purpose of allowing users to
capture and mark up content they find on the web. To create a great user
experience, our extensions insert JavaScript into the viewers page upon
user request. This mechanism risks being broken by the vague
extension/bookmarklet wording change proposed in CSP 1.1.

We strongly believe that users should be allowed to control their own
experience on the web through a choice of browser and the use of browsers
extensions. Changing the CSP specification in a way that limits browser
extensions operates counter to the needs of users and limits companies like
ours from making the web better for everyone.

Thank you for your consideration -


Philip Constantinou

VP of Products

Evernote

remember everything


ps. Sending this from my personal email address because the w3.org emailing
list says evernote.com is blacklisted.
Received on Sunday, 3 August 2014 12:58:25 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC