Discussion of the IDL language aside, two of the suggestions from above seem uncontroversial: `document.SecurityPolicy` should be renamed `document.securityPolicy`, and `allowsEval`, `allowsInlineScript`, `allowsInlineStyle`, and `isActive` should be converted to read-only boolean attributes. I've made those changes in https://dvcs.w3.org/hg/content-security-policy/rev/5a29424a37d4 and will poke at them in WebKit at https://bugs.webkit.org/show_bug.cgi?id=101321. On Tue, Nov 6, 2012 at 10:04 AM, Alex Russell <slightlyoff@google.com>wrote: > As I suggested before, the exercise here should be to write down the > behavior you want in JS and then transcribe it back to IDL. I'm > implementing a SecurityPolicy class right now and can post it for review > when it's done. > I'm interested in seeing this; it should give us a good basis upon which to discuss the functionality we want to provide. The interface that's up now is pretty much a strawman to generate exactly this sort of discussion. Thanks! -- Mike West <mkwst@google.com>, Developer Advocate Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Received on Tuesday, 6 November 2012 09:36:54 UTC