- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 19 Apr 2013 11:21:15 +0100
- To: James Marshall <james@jmarshall.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, Apr 18, 2013 at 7:10 PM, James Marshall <james@jmarshall.com> wrote: > Something in the CSP draft is unclear to me-- if an HTML document has an > external script element that in turn loads another external script (via > Document.write(), Node.appendChild(), etc.), is the loading of that second > script governed by the policy of the first script resource, or by the policy > of the original HTML document? > > Apologies if I missed something. All related explanations welcome, as I'm > new to CSP, and need to get it thoroughly right in my app (physical safety > is at stake). The document is in charge of loading all its resources. -- http://annevankesteren.nl/
Received on Friday, 19 April 2013 10:21:42 UTC