Re: [Content Security Policy] A more modular approach

On Wed, Feb 2, 2011 at 4:37 AM, Gervase Markham <> wrote:
> It does, but what needs to be clear is the message to web developers. And I
> think it can be clear:
> "_Assume_ that everything not more specifically specified is covered by
> default-src."

Are you implying that a nontrivial number of web developers actually
read specifications, rather than copy-pasting code from somewhere and
testing in their favorite browser to make sure it works?  The reason
we need interoperability in web standards is because people don't read
specs and usually don't test in more than a couple of browsers, and we
want their page to still work in other browsers.

Received on Wednesday, 2 February 2011 15:06:57 UTC