Re: [HTML imports]: Imports and Content Security Policy

One more thing that little bit worries me, that the most common request when it comes to CSP is banning inline scripts. If all the imports obey the CSP of the master, which I think the only way to go, that also probably means that in most cases we can only use imports those do not have any inline scripting either... I think this should be mentioned in the spec. Since if you develop some huge library let's say, based on imports, and then no costumer can use it who also want to have CSP, because it's full of inline scripts, that would be quite annoying.

Received on Thursday, 30 January 2014 16:40:47 UTC