Re: [Content Security Policy] Proposal to move the debate forward from Michal Zalewski on 2011-01-31 (public-web-security@w3.org from January 2011)

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Mon, 31 Jan 2011 02:28:52 -0800
To: Gervase Markham <gerv@mozilla.org>
Cc: Brandon Sterne <bsterne@mozilla.com>, gaz Heyes <gazheyes@gmail.com>, public-web-security@w3.org
Message-ID: <AANLkTin=652DYHX8ULm0QTS-Z0x_sG1oDn5MJE5X+UUy@mail.gmail.com>

> Caching on shared proxies is more of an issue, true.

Actually, I'm on crack, it isn't. Even though this allows user A to
see the token that will be returned on the page for user B, there is
also no way to retroactively inject content there.

/mz

Received on Monday, 31 January 2011 10:29:48 UTC