Re: [w3c/webcomponents] HTML, CSS, and JSON modules shouldn't solely rely on MIME type to change parsing behavior (#839) from James Browning on 2019-09-18 (public-webapps-github@w3.org from September 2019)

From: James Browning <notifications@github.com>
Date: Tue, 17 Sep 2019 22:41:56 -0700
To: w3c/webcomponents <webcomponents@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/webcomponents/issues/839/532527533@github.com>

I think there's two separate parts to this:
- Treating some response as another/specific format
- Preventing evaluation of unexpected formats

I personally think the second one should be part of `Content-Security-Policy` rather than changing anything about the current module loading e.g. `Content-Security-Policy: modules self *, https://some.config.tld json, https://fonts.somewhere.tld css`.

For the first one maybe we could extend the `import:` protocol to have `import+css:`/`import+html`/etc to force it into a specific format.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webcomponents/issues/839#issuecomment-532527533

Received on Wednesday, 18 September 2019 05:42:18 UTC