- From: Hill, Brad <bhill@paypal-inc.com>
- Date: Tue, 23 Apr 2013 21:18:10 +0000
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
We are also missing the "lowsrc" attribute of img in that directive description. > -----Original Message----- > From: Hill, Brad [mailto:bhill@paypal-inc.com] > Sent: Tuesday, April 23, 2013 2:11 PM > To: public-webappsec@w3.org > Subject: [webappsec] CSP 1.0 bug? button type=image and img-src > > While writing test assertions I noticed that the spec text for CSP 1.0 does not > explicitly include the src attribute of a button element of type image in the > list of fetches controlled by the img-src directive. Should we correct this? > > -Brad
Received on Tuesday, 23 April 2013 21:18:38 UTC