- From: Mattias Karlsson <enkidude@gmail.com>
- Date: Sun, 24 Jun 2012 12:06:57 +0200
- To: public-webappsec@w3.org
Received on Sunday, 24 June 2012 20:23:49 UTC
I noticed that the CSP specification does not mention anything about the iframe srcdoc attribute. It's not obvious to me whether the CSP policy of the containing page should be enforced on the content of an iframe with a srcdoc attribute or if it should be treated like a normal iframe with only a src attribute. Should this be clarified in the specification or can the correct behavior be derived anyway?

/ Mattias