Re: CSP 1.1 DOM design

Discussion of the IDL language aside, two of the suggestions from above
seem uncontroversial: `document.SecurityPolicy` should be renamed
`document.securityPolicy`, and `allowsEval`, `allowsInlineScript`,
`allowsInlineStyle`, and `isActive` should be converted to read-only
boolean attributes. I've made those changes in
https://dvcs.w3.org/hg/content-security-policy/rev/5a29424a37d4 and will
poke at them in WebKit at https://bugs.webkit.org/show_bug.cgi?id=101321.

On Tue, Nov 6, 2012 at 10:04 AM, Alex Russell <slightlyoff@google.com>wrote:

> As I suggested before, the exercise here should be to write down the
> behavior you want in JS and then transcribe it back to IDL. I'm
> implementing a SecurityPolicy class right now and can post it for review
> when it's done.
>

I'm interested in seeing this; it should give us a good basis upon which to
discuss the functionality we want to provide. The interface that's up now
is pretty much a strawman to generate exactly this sort of discussion.

Thanks!

--
Mike West <mkwst@google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Received on Tuesday, 6 November 2012 09:36:54 UTC