- From: James Marshall <james@jmarshall.com>
- Date: Thu, 18 Apr 2013 11:10:18 -0700
- To: public-webappsec@w3.org
Received on Friday, 19 April 2013 08:00:14 UTC
Something in the CSP draft is unclear to me-- if an HTML document has an external script element that in turn loads another external script (via Document.write(), Node.appendChild(), etc.), is the loading of that second script governed by the policy of the first script resource, or by the policy of the original HTML document? Apologies if I missed something. All related explanations welcome, as I'm new to CSP, and need to get it thoroughly right in my app (physical safety is at stake). Thanks, James
Received on Friday, 19 April 2013 08:00:14 UTC