- From: Eric Chen <eric.chen@sv.cmu.edu>
- Date: Wed, 18 Jul 2012 20:57:00 -0700
- To: Mike West <mkwst@google.com>
- Cc: public-webappsec@w3.org
Received on Thursday, 19 July 2012 03:57:28 UTC
Hi Mike: > * `script-nonce` has been cleaned up a bit, adding a non-normative "Usage" > section that attempts to explain the core functionality to web developers, > and making two things clear that confused me while experimenting with a > WebKit implementation. First, invalid nonces now fail loudly, blocking all > script execution on a page. > Is there a particular motivation for this? (i.e., is there an attack that would break the soft-fail case?) -- -Eric
Received on Thursday, 19 July 2012 03:57:28 UTC