Re: [webappsec] CSP 1.0 bug? button type=image and img-src

On Wed, Apr 24, 2013 at 3:28 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Tue, Apr 23, 2013 at 11:04 PM, Adam Barth <w3c@adambarth.com> wrote:
> > We should try to find a way editorially to avoid having to enumerate all the
> > different ways user agents can load images.  We're unlikely to be able to
> > list them all, and it will make the spec fragile as the platform evolves.
>
> Should we make these "types" (media, image, etc.) part of what
> specifications define when they perform a
> http://fetch.spec.whatwg.org/ ? That way we have a nice way to hook in
> the CSP check there.

That sounds like a good idea.

Adam

Received on Wednesday, 24 April 2013 15:30:39 UTC