Re: [HTML imports]: Imports and Content Security Policy

On 30.01.2014 19:53, Scott Miles wrote:
> I'm hoping there are some constraints we can impose on imports to allow
> them to contain inline scripts to exist under CSP.
That's interesting. Wouldn't this violate the CSP spec?
Imported scripts still have access to the same origin as the master
document, don't they?
>
> Failing that, we already have a tool ('vulcanizer') which can separate
> scripts out of imports (and to the reverse as well).
I really don't understand what this means. Can you please elaborate?

>
> Whether an import uses inline or external scripts is invisible to the
> importer.
>

Received on Friday, 31 January 2014 08:18:43 UTC