- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 24 Apr 2013 11:28:20 +0100
- To: Adam Barth <w3c@adambarth.com>
- Cc: "Hill, Brad" <bhill@paypal-inc.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Apr 23, 2013 at 11:04 PM, Adam Barth <w3c@adambarth.com> wrote: > We should try to find a way editorially to avoid having to enumerate all the > different ways user agents can load images. We're unlikely to be able to > list them all, and it will make the spec fragile as the platform evolves. Should we make these "types" (media, image, etc.) part of what specifications define when they perform a http://fetch.spec.whatwg.org/ ? That way we have a nice way to hook in the CSP check there. Also, lowsrc is not supported by user agents and should not be included. You might want to list srcset though. -- http://annevankesteren.nl/
Received on Wednesday, 24 April 2013 10:28:48 UTC