W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2012

Re: how to protect javascript codes

From: Dan Veditz <dveditz@mozilla.com>
Date: Sun, 18 Nov 2012 17:19:43 -0800
Message-ID: <50A9892F.4020201@mozilla.com>
To: Mountie Lee <mountie.lee@mw2.or.kr>
CC: webcrypto-comments@w3.org, public-webappsec@w3.org, public-sysapps@w3.org
On 11/18/12 4:49 PM, Mountie Lee wrote:
> could you guide me the discussion thread for script nonce or
> fingerprint/hash ?


May or may not be adopted as part of CSP 1.1 (CSP 1.0 isn't final yet!) 
but discussion was favorable enough to include as a discussion point. It 
does not directly address your issue -- it attempts to ensure that each 
<script> tag was created by the page author and wasn't injected, but 
does nothing to ensure the received content was the intended content.

-Dan Veditz
Received on Monday, 19 November 2012 01:20:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:30 UTC