- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 26 Apr 2013 11:07:06 +0100
- To: Web Application Security Working Group <public-webappsec@w3.org>
On Thu, Apr 25, 2013 at 8:25 PM, Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org> wrote: > If breakage is minimal, setting CSP at all might imply that <base> is ignored unless whitelisted in the policy. In XML (and in HTML via script), xml:base can affect a bunch of URLs as well (not quite as much as <base> though). Should CSP take that into account? -- http://annevankesteren.nl/
Received on Friday, 26 April 2013 10:07:33 UTC