- From: Adam Barth <w3c@adambarth.com>
- Date: Tue, 23 Apr 2013 15:04:45 -0700
- To: "Hill, Brad" <bhill@paypal-inc.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Tuesday, 23 April 2013 22:05:44 UTC
We should try to find a way editorially to avoid having to enumerate all the different ways user agents can load images. We're unlikely to be able to list them all, and it will make the spec fragile as the platform evolves. Adam On Tue, Apr 23, 2013 at 2:18 PM, Hill, Brad <bhill@paypal-inc.com> wrote: > We are also missing the "lowsrc" attribute of img in that directive > description. > > > -----Original Message----- > > From: Hill, Brad [mailto:bhill@paypal-inc.com] > > Sent: Tuesday, April 23, 2013 2:11 PM > > To: public-webappsec@w3.org > > Subject: [webappsec] CSP 1.0 bug? button type=image and img-src > > > > While writing test assertions I noticed that the spec text for CSP 1.0 > does not > > explicitly include the src attribute of a button element of type image > in the > > list of fetches controlled by the img-src directive. Should we correct > this? > > > > -Brad > > >
Received on Tuesday, 23 April 2013 22:05:44 UTC