- From: Brandon Sterne <bsterne@mozilla.com>
- Date: Tue, 25 Jan 2011 14:05:20 -0800
- To: Adam Barth <w3c@adambarth.com>
- CC: Gervase Markham <gerv@mozilla.org>, Lucas Adamski <lucas@mozilla.com>, public-web-security@w3.org
On 01/25/2011 01:45 PM, Adam Barth wrote: > Ideally, we could come up with a policy mechanism that let us nail XSS > today and that fostered innovation in security for years to come. In > the short term, you could view the existing CSP features (e.g., > clickjacking protection) as the first wave of innovation. If those > pieces are popular, then it should be easy for other folks to adopt > them. Others have expressed interest in the existing CSP features within this discussion. If people find the features useful now then why would take a wait-and-see approach to building them in to the model? Cheers, Brandon
Received on Tuesday, 25 January 2011 22:07:12 UTC