[Bug 15476] [Templates]: Specify how templates work from bugzilla@jessica.w3.org on 2013-04-21 (public-webapps-bugzilla@w3.org from April 2013)

From: <bugzilla@jessica.w3.org>
Date: Sun, 21 Apr 2013 13:30:00 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-15476-2532-e6gVRkIvCy@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=15476

fbender <fb+w3c@quantumedia.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fb+w3c@quantumedia.de

--- Comment #1 from fbender <fb+w3c@quantumedia.de> ---
Quick question: How does CSP interact with Web Components?

E. g. if I disable inline scripts (same applies to inline-styles) via CSP, is a
<template>'s script affected? (It probably should not. If this is not specified
yet, shall I file a bug?)

This leads me to the question: Is it possible to inject malicious scripts via
Web Components, i. e. by injecting a link[rel="components"] pointing to
malicious templates?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Sunday, 21 April 2013 13:30:02 UTC