- From: gaz Heyes <gazheyes@gmail.com>
- Date: Thu, 27 Jan 2011 17:46:38 +0000
- To: Gervase Markham <gerv@mozilla.org>
- Cc: Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org
Received on Thursday, 27 January 2011 17:47:11 UTC
On 27 January 2011 17:11, Gervase Markham <gerv@mozilla.org> wrote: > Also, I'm not sure "nonce" is the right word. > http://en.wikipedia.org/wiki/Cryptographic_nonce > suggests that it's "number used once". As the above document discusses, I > can see various sites making various trade-offs about how often they change > the key, based on caching concerns. > > So I would suggest "script-key" as a better name. > The key should change on every request! We can inject a lot of into HTML
Received on Thursday, 27 January 2011 17:47:11 UTC