- From: Brandon Sterne <bsterne@mozilla.com>
- Date: Tue, 25 Jan 2011 11:55:24 -0800
- To: Adam Barth <w3c@adambarth.com>
- CC: Gervase Markham <gerv@mozilla.org>, Lucas Adamski <lucas@mozilla.com>, public-web-security@w3.org
On 01/25/2011 10:42 AM, Adam Barth wrote: > On Tue, Jan 25, 2011 at 8:48 AM, Steingruebl, Andy wrote: >> CSP isn't only useful for stopping XS either. It can be a policy enforcement for where scripts can come from. Just like it can control framing, which isn't really about XSS either. I think it would be a lot less useful if it didn't include those capabilities/functions, as those are some of my major initial use cases. > > IMHO, in the first iteration we should nail XSS and set up a > extensible policy framework that we can extend to address other > threats in the future. > > Adam >
Received on Tuesday, 25 January 2011 19:57:44 UTC