- From: James M Snell <jasnell@gmail.com>
- Date: Mon, 2 Jun 2014 06:54:14 -0700
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: WebApps WG <public-webapps@w3.org>
Received on Monday, 2 June 2014 13:54:43 UTC
Im not saying it's perfect. Not by any stretch. I'm saying it shouldn't be worse. Any impl that supports the mechanism will need to be aware of the risk and content filters will need to evolve. Perhaps an additional strongly worded warning in the spec would be helpful. On Jun 2, 2014 6:43 AM, "Boris Zbarsky" <bzbarsky@mit.edu> wrote: > On 6/2/14, 9:22 AM, James M Snell wrote: > >> Yes, that's true. Content filters are likely to miss the links >> themselves. Hopefully, the imported documents themselves get filtered >> > > By what, exactly? I mean, CSP will apply to them, but not website content > filters... > > One assumption we can possibly make is that >> any implementation that knows how to follow import links ought to know >> that they need to be filtered. >> > > Sure, but that assumes the filtering we're talking about is being done by > the UA to start with. > > -Boris >
Received on Monday, 2 June 2014 13:54:43 UTC