On 21/01/11 22:44, Michal Zalewski wrote: > 3) Allowing inline scripts guarded by policy-specified nonce tokens > (<meta> says "inline-script-token=$random", inline scripts have > <script token="$previously_specified_random">...</script>). This > eliminates one of the most significant issues with deploying CSP or > this proposal on sites that are extremely concerned about the overhead > of extra HTTP requests; for example, much of *.google.com is subject > to such concerns. http://www.gerv.net/security/script-keys/ GervReceived on Saturday, 22 January 2011 08:29:44 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:25 UTC