[webappsec] CSP 1.0 bug? button type=image and img-src

While writing test assertions I noticed that the spec text for CSP 1.0 does not explicitly include the src attribute of a button element of type image in the list of fetches controlled by the img-src directive.  Should we correct this?

-Brad

Received on Tuesday, 23 April 2013 21:11:31 UTC