Re: CSP when external script loads another external script?

On Thu, Apr 18, 2013 at 7:10 PM, James Marshall <james@jmarshall.com> wrote:
> Something in the CSP draft is unclear to me-- if an HTML document has an
> external script element that in turn loads another external script (via
> Document.write(),  Node.appendChild(), etc.), is the loading of that second
> script governed by the policy of the first script resource, or by the policy
> of the original HTML document?
>
> Apologies if I missed something.  All related explanations welcome, as I'm
> new to CSP, and need to get it thoroughly right in my app (physical safety
> is at stake).

The document is in charge of loading all its resources.


--
http://annevankesteren.nl/

Received on Friday, 19 April 2013 10:21:42 UTC