Re: lcamtuf on the subtle/deadly problem with CSP from Michal Zalewski on 2011-09-01 (public-web-security@w3.org from September 2011)

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Wed, 31 Aug 2011 21:53:53 -0700
To: "Hill, Brad" <bhill@paypal-inc.com>
Cc: Daniel Veditz <dveditz@mozilla.com>, Adam Barth <w3c@adambarth.com>, "sird@rckc.at" <sird@rckc.at>, "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <CALx_OUCVcU_1dM0q4GFfanfr=9FcU3ChXFXPJb4GB19-gRhoOg@mail.gmail.com>

> The JSONP issue is one I've heard from multiple people, though, including CSP early adopters.   Is it time to standardize a safer way to use JSONP?

Possibly, but what effect would it realistically have at this point?

/mz

Received on Thursday, 1 September 2011 04:54:49 UTC