Re: XSS mitigation in browsers

>
> If the CSP policy disables all script, how will the script run which detects
> the event of a policy violation and reports it?
>

Don't do that :). I mean, that is a problem with Adam's original proposal too.

-devdatta


> Gerv
>

Received on Saturday, 22 January 2011 09:00:51 UTC