- From: Andrea Giammarchi <notifications@github.com>
- Date: Wed, 09 Mar 2022 09:08:53 -0800
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 9 March 2022 17:09:06 UTC
> CSP can also be opt-out it doesn't have to be opt in (right?). that breaks everything by default, if you want to enable this by default and we should ask everyone to add a CSP rule in every site that used some library that most of them didn't even know was relying on non-leaking listeners. At that point I'd personally think {closed} or {stealth} are more reasonable as JS dependencies are easier to update /patch than HTML layouts or server side headers ... -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/412#issuecomment-1063156009 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/dom/issues/412/1063156009@github.com>
Received on Wednesday, 9 March 2022 17:09:06 UTC