- From: Gervase Markham <gerv@mozilla.org>
- Date: Mon, 31 Jan 2011 10:38:48 +0000
- To: gaz Heyes <gazheyes@gmail.com>
- CC: public-web-security@w3.org
On 31/01/11 10:36, gaz Heyes wrote: > 2) Validator. You need to validate policies, so we know what they are > doing instead of thinking we know what they're doing. Should CSP refuse > to load sites with invalid policies or syntax errors? I think yes. It would also be good to have a Firefox extension which applied a policy to pages on a defined site, so one could test policies without even having to alter your server-side code, or well-meaning people could develop sample policies for big websites. (Basically, it's an HTTP header injector, except it would turn off any reporting to the site owner, including events, so they weren't spammed.) Gerv
Received on Monday, 31 January 2011 10:39:26 UTC