- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Fri, 25 Feb 2011 08:44:45 -0800
- To: "sird@rckc.at" <sird@rckc.at>
- CC: Devdatta Akhawe <dev.akhawe@gmail.com>, public-web-security@w3.org
On 2/24/11 5:38 PM, sird@rckc.at wrote: >> - "script-keys" (nonce) > Is that really being considered? At what level? <script key="XXXX"> or > <anything key="XXXX">? I think the group has moved on from that proposal, but it was discussed seriously for a few days. It's a more workable proposal than "allow calls to user-defined functions in inline scripts, but not other statements". I still don't like it, but if we "must do something" I'd rather talk about script-keys again than try to make fine-grained distinctions within a highly dynamic scripting language like JavaScript. -Dan Veditz
Received on Friday, 25 February 2011 16:45:30 UTC