- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Sun, 18 Dec 2011 22:01:53 -0800
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- CC: public-web-security@w3.org
On 12/15/11 3:05 PM, Devdatta Akhawe wrote:
> Has a post-message-src directive been considered? From the
> introduction in the specification:

I don't recall any discussions about it. Since postMessage() can already be used safely I'm not feeling a burning need for it, but maybe you can convince us. If developers aren't remembering to use the security features that already exist, would they think to add it to a content security policy?

Naming quibble, -src seems ambiguous to me in this context (source of the message? source of the frame to which you're posting?). post-message-from might be clearer, but then it cries out for the corresponding post-message-to.

-Dan Veditz
Received on Monday, 19 December 2011 06:02:30 UTC
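
The two directions the message distinguishes ("from" and "to") already have per-call checks in the postMessage() API: the receiver compares `event.origin`, and the sender passes an explicit `targetOrigin`. The sketch below is an added example, not part of the original message or of any specification; the function names and the `https://widgets.example` origin are constructed for illustration.

```javascript
// Added example, not from the thread. Origins below are constructed.
const TRUSTED_SENDERS = new Set(["https://widgets.example"]);

// "From" side: hand back the payload only when event.origin is on the
// allowlist. Exact string comparison, so "https://widgets.example.evil.test"
// and the opaque origin "null" (sandboxed frames, data: URLs) are rejected.
function acceptMessage(event, trusted = TRUSTED_SENDERS) {
  if (typeof event.origin !== "string" || !trusted.has(event.origin)) {
    return null;
  }
  return event.data;
}

// "To" side: post only to one explicit origin. A "*" targetOrigin would
// deliver the message to whatever document currently occupies the frame.
function safePost(targetWindow, message, targetOrigin) {
  if (targetOrigin === "*") {
    throw new Error("wildcard targetOrigin refused");
  }
  const parsed = new URL(targetOrigin); // throws on malformed input
  if (parsed.origin === "null" || parsed.origin !== targetOrigin) {
    throw new Error("targetOrigin must be a bare origin such as https://host");
  }
  targetWindow.postMessage(message, targetOrigin);
  return targetOrigin;
}

// Browser wiring (not executed here):
//   window.addEventListener("message", (e) => {
//     const data = acceptMessage(e);
//     if (data !== null) handle(data);   // handle() is hypothetical
//   });
//   safePost(frame.contentWindow, { op: "ping" }, "https://widgets.example");
```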