W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2014

Re: [HTML imports]: Imports and Content Security Policy

From: Gabor Krizsanits <gkrizsanits@mozilla.com>
Date: Wed, 29 Jan 2014 17:47:59 -0800 (PST)
To: public-webapps@w3.org
Message-ID: <1900171548.6408060.1391046479915.JavaMail.zimbra@mozilla.com>
One more thing that little bit worries me, that the most common request when it comes to CSP is banning inline scripts. If all the imports obey the CSP of the master, which I think the only way to go, that also probably means that in most cases we can only use imports those do not have any inline scripting either... I think this should be mentioned in the spec. Since if you develop some huge library let's say, based on imports, and then no costumer can use it who also want to have CSP, because it's full of inline scripts, that would be quite annoying.
Received on Thursday, 30 January 2014 16:40:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:21 UTC