- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 07 Apr 2011 13:53:10 +0200
- To: Adam Barth <w3c@adambarth.com>
- CC: public-web-security@w3.org
On 07.04.2011 08:42, Adam Barth wrote:
> Which CSP directive should control XSLT style sheets?
>
> style-src says:
> [[
> The style-src directive defines the list of sources that are permitted
> to load <link rel="stylesheet"> elements, or external stylesheets.
> ]]
>
> Is an XSLT an external style sheet?
>
> On the other hand, they can be used to inject markup into the document,
> so maybe controlling them with script-src is more appropriate? On yet
> ...

Is "inject" the right term here? After all, applying XSLT yields a new document, no?

BR, Julian
Received on Thursday, 7 April 2011 11:53:45 UTC