W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2013

[webappsec] CSP 1.0 bug? button type=image and img-src

From: Hill, Brad <bhill@paypal-inc.com>
Date: Tue, 23 Apr 2013 21:11:03 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E279D3BBD@DEN-EXDDA-S12.corp.ebay.com>
While writing test assertions I noticed that the spec text for CSP 1.0 does not explicitly include the src attribute of a button element of type image in the list of fetches controlled by the img-src directive.  Should we correct this?

-Brad
Received on Tuesday, 23 April 2013 21:11:31 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC