Re: New attribute typemustmatch

Shelley Powers wrote:
> I found the WhatWG discussion, if you can call it that.
> 
> http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-June/032023.html
> 
> What are the procedures in place to control change during Last Call?
> 
> 
> Shelley
> 

For what it is worth, I don't think the content of the html document is 
the place for security restrictions.

It is better to do it via something like FireFox's "Content Security 
Policy" proposal, though I'm not sure if it currently covers ensuring 
mime types of served object match the object description.

http://people.mozilla.com/~bsterne/content-security-policy/

Received on Tuesday, 14 June 2011 07:29:03 UTC