Re: [Content Security Policy] Proposal to move the debate forward from gaz Heyes on 2011-01-31 (public-web-security@w3.org from January 2011)

From: gaz Heyes <gazheyes@gmail.com>
Date: Mon, 31 Jan 2011 10:36:46 +0000
To: Gervase Markham <gerv@mozilla.org>
Cc: public-web-security@w3.org
Message-ID: <AANLkTimQERxYSV1MexuXyBp3My1Sf4zi+B1vHtUH1ZHD@mail.gmail.com>

Ok I've thought about this, IMO here is what you need:-

1) Policy editor. A online/offline editor to create policy scripts with a
nice UI.
2) Validator. You need to validate policies, so we know what they are doing
instead of thinking we know what they're doing. Should CSP refuse to load
sites with invalid policies or syntax errors? I think yes.
3) English translator. It will read the policy you have created and tell you
in plain English what it does.

Then I don't mind what syntax you have and I don't have to understand it :)

Received on Monday, 31 January 2011 10:37:20 UTC