Re: Proposed directive for CSP.next: "no-user-js"

• From: Michal Zalewski <lcamtuf@coredump.cx>
• Date: Wed, 14 Dec 2011 14:15:10 -0800
• To: Brandon Sterne <bsterne@mozilla.com>
• Cc: public-web-security@w3.org
• Message-ID: <CALx_OUDFTdCc9iD+1hLZa31GeC_cJw+Pu+oWq=Sr_t35vshyyw@mail.gmail.com>

Or to put this differently, there is some risk that if you put browser
configuration settings in scope for CSP, you will end up with MSIE
zone model at some point ;-)

Received on Wednesday, 14 December 2011 22:16:01 UTC