- From: Neil Matatall <neilm@twitter.com>
- Date: Fri, 14 Dec 2012 11:50:27 -0800
- To: public-webappsec@w3.org
Received on Friday, 14 December 2012 22:40:25 UTC
If inline script is disallowed and I receive a report saying that the script-src directive was violated, which indicates JavaScript has been injected (or pre-existing) on a page, I would like to know where the code lives. Knowing this can help you determine where your existing inline script lives as well as give you hints as to how the script may have been injected if no inline script was expected. I would like to propose that we add the line number as part of the 1.1 spec. Thoughts?
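One way a report collector could use such a field to locate inline script, as an added example that is not part of the original message. It assumes the proposed line number arrives as a `line-number` key in the report JSON; the helper names, sample reports and `example.test` URLs are constructed for illustration.

```python
import json
from collections import Counter


def _report(page, directive, line=None):
    """Build a constructed report body; `line-number` is the assumed field name."""
    fields = {"document-uri": page, "violated-directive": directive, "blocked-uri": ""}
    if line is not None:
        fields["line-number"] = line
    return json.dumps({"csp-report": fields})


# Constructed sample input, not real traffic.
SAMPLE_REPORTS = [
    _report("https://example.test/profile", "script-src 'self'", 42),
    _report("https://example.test/profile", "script-src 'self'", 42),
    _report("https://example.test/search", "script-src 'self'", 7),
    _report("https://example.test/search", "script-src 'self'"),  # no line number sent
    _report("https://example.test/profile", "img-src 'self'", 3),  # other directive
    "not json",                                                    # malformed body
]


def script_src_locations(raw_bodies):
    """Count script-src violations per (document-uri, line-number).

    Report bodies come from any client that can reach the endpoint, so they
    are parsed as untrusted input: malformed ones are counted and skipped.
    """
    counts, rejected = Counter(), 0
    for body in raw_bodies:
        try:
            report = json.loads(body)["csp-report"]
            directive = report["violated-directive"].split()[0]
            page = report["document-uri"]
        except (ValueError, KeyError, TypeError, IndexError, AttributeError):
            rejected += 1
            continue
        if directive != "script-src":
            continue
        line = report.get("line-number")
        if isinstance(line, bool) or not isinstance(line, int) or line < 1:
            line = None  # absent or unusable: keep the report, location unknown
        counts[(page, line)] += 1
    return counts, rejected


def summarize(counts):
    """One row per location, most frequently reported first."""
    return [f"{n:>3}  {page}  line {line if line is not None else 'unknown'}"
            for (page, line), n in counts.most_common()]


if __name__ == "__main__":
    print("\n".join(summarize(script_src_locations(SAMPLE_REPORTS)[0])))
```

Reports without a usable line number stay in the tally under "line unknown", so the page is still flagged even when the location is not.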