Re: webcomponents: <import> instead of <link>

On Tue, May 14, 2013 at 2:21 PM, Simon Pieters <> wrote:

> That seems to be an argument based on aesthetics. That's worth considering,
> of course, but I think is a relatively weak argument. In particular I care
> about the first bullet point above. <link> is not capable of executing
> script from an external resource today. What are the implications if it
> suddenly gains that ability?

Given that WebAppSec peeps suggested that CSP treats <link rel=import>
as script-src, I am pretty sure we're okay here. Are there any other
things that we should worry about?

There's one more ditty that seems valuable: HTML Imports
scripts-blocking behavior is much closer to how <link rel=stylesheet>
works (
and thereabouts)


Received on Wednesday, 15 May 2013 18:27:07 UTC