- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Sun, 24 Jun 2012 23:10:45 +0200
- To: Mattias Karlsson <enkidude@gmail.com>
- Cc: public-webappsec@w3.org
* Mattias Karlsson wrote: >I noticed that the CSP specification does not mention anything about the >iframe srcdoc attribute. It's not obvious to me whether the CSP policy of >the containing page should be enforced on the content of an iframe with a >srcdoc attribute or if it should be treated like a normal iframe with only >a src attribute. Should this be clarified in the specification or can the >correct behavior be derived anyway? http://lists.w3.org/Archives/Public/public-whatwg-archive/2012May/0100.html -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Sunday, 24 June 2012 21:11:09 UTC