- From: =JeffH <Jeff.Hodges@KingsMountain.com>
- Date: Fri, 25 Feb 2011 13:43:22 -0800
- To: W3C Web Security Interest Group <public-web-security@w3.org>
AdamB said on Wed, 23 Feb 2011 21:18:26 -0800 > > On Wed, Feb 23, 2011 at 5:18 PM, Brandon Sterne <bsterne@mozilla.com> wrote: > >> I see your comments suggesting this change and Collin's supporting them. >> I don't see how you got from there to "this group". I'm not saying the >> suggested change is without merit, but there is a case to be made >> against it which Dan brought up. I think the debate is still open. > > Fair enough. Perhaps we should continue the discussion in the other thread. The other thread, and the four relevant msgs therein, are... Re: JavaScript URLs and script-src nit http://lists.w3.org/Archives/Public/public-web-security/2011Feb/0096.html http://lists.w3.org/Archives/Public/public-web-security/2011Feb/0097.html http://lists.w3.org/Archives/Public/public-web-security/2011Feb/0098.html http://lists.w3.org/Archives/Public/public-web-security/2011Feb/0113.html ..tho retitling it (or just carrying over into this thread) may be a good idea. HTH, =JeffH >> On 02/22/2011 07:41 PM, Adam Barth wrote: >>> >>> Oh, I meant this group. >>> >>> Adam >>> >>> >>> On Tue, Feb 22, 2011 at 6:24 PM, Daniel Veditz <dveditz@mozilla.com> wrote: >>> >>>> I haven't seen any consensus forming on that, maybe Adam's "we" >>>> means webkit. >>>> >>>> On 2/22/11 1:31 AM, sird@rckc.at wrote: >>>> >>>>> Oh, I wasn't aware that the "default-do-noting" was really happening. >>>>> >>>>> -- Eduardo >>>>> >>>>> On Tue, Feb 22, 2011 at 1:16 AM, Adam Barth <w3c@adambarth.com> wrote: >>>>> >>>>>> I don't think the situation is as tricky as you make it out to be, >>>>>> especially if we go the route of an empty CSP policy not implying >>>>>> inline script restrictions, which seems likely. >>>>>> >>>>>> Adam
Received on Friday, 25 February 2011 21:43:53 UTC