- From: Justin Fagnani <notifications@github.com>
- Date: Fri, 05 Oct 2018 18:25:30 +0000 (UTC)
- To: w3c/webcomponents <webcomponents@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 5 October 2018 18:25:53 UTC
@AshleyScirra CSP could evolve to treat HTML modules with the same policy as script. HTML is only considered less secure because it's more often server generated, but there's no reason why .js files couldn't have XSS holes in them too. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webcomponents/issues/645#issuecomment-427457331
Received on Friday, 5 October 2018 18:25:53 UTC