RE: [webappsec] CSP 1.0 bug? button type=image and img-src from Hill, Brad on 2013-04-23 (public-webappsec@w3.org from April 2013)

From: Hill, Brad <bhill@paypal-inc.com>
Date: Tue, 23 Apr 2013 21:18:10 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E279D3C29@DEN-EXDDA-S12.corp.ebay.com>

We are also missing the "lowsrc" attribute of img in that directive description.

> -----Original Message-----
> From: Hill, Brad [mailto:bhill@paypal-inc.com]
> Sent: Tuesday, April 23, 2013 2:11 PM
> To: public-webappsec@w3.org
> Subject: [webappsec] CSP 1.0 bug? button type=image and img-src
> 
> While writing test assertions I noticed that the spec text for CSP 1.0 does not
> explicitly include the src attribute of a button element of type image in the
> list of fetches controlled by the img-src directive.  Should we correct this?
> 
> -Brad

Received on Tuesday, 23 April 2013 21:18:38 UTC