- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 29 Apr 2013 22:15:31 -0700
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>

ACTION-120 asks me to make a proposal for how to handle custom elements in CSP 1.1. My proposal is to not change the spec.

Custom elements are defined in terms of built-in elements. For example, a custom element implementing the <picture> element (e.g., <my-picture>) would expand via its shadow DOM into a bunch of other elements (e.g., <img> elements or other elements with a background-image CSS property). These built-in elements are already subject to the CSP policy, so the custom element will work as expected (e.g., the images displayed by <my-picture> would be subject to the img-src directive in the CSP policy).

For that reason, I don't think we need to do anything specific for custom elements in CSP. Everything should just work as expected without any changes.

Adam

Received on Tuesday, 30 April 2013 05:16:31 UTC
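
The behaviour described in the message, as an added example that is not part of the original post: a `<my-picture>` custom element whose shadow DOM holds a built-in `<img>`, next to a deliberately simplified `img-src` check that predicts which loads a browser would block. The policy string, the hostnames and the names `parsePolicy`, `imgSrcAllows` and `MyPicture` are assumptions, and the matcher compares origins only (no paths, wildcards or scheme sources).

```javascript
// Constructed policy for illustration; not taken from the message.
const POLICY = "default-src 'none'; img-src 'self' https://cdn.example";

// Split a policy into directive name -> source list (first occurrence wins).
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || '').toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// Simplified origin-only model of the check applied to an <img> load.
// img-src governs it; default-src is the fallback when img-src is absent.
function imgSrcAllows(policy, url, pageOrigin) {
  const directives = parsePolicy(policy);
  const sources = directives.get('img-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // no directive governs images
  const origin = new URL(url, pageOrigin).origin;
  const self = new URL(pageOrigin).origin;
  return sources.some(s => (s === "'self'" ? origin === self : s === origin));
}

// Browser-only part: the custom element adds no fetch of its own. The load
// comes from the built-in <img> inside its shadow root, so img-src applies.
if (typeof customElements !== 'undefined') {
  class MyPicture extends HTMLElement {
    constructor() {
      super();
      const img = document.createElement('img');
      this.attachShadow({ mode: 'open' }).appendChild(img);
    }
    connectedCallback() {
      this.shadowRoot.querySelector('img').src = this.getAttribute('src');
    }
  }
  customElements.define('my-picture', MyPicture);

  // A blocked inner <img> is reported against img-src, not the wrapper.
  document.addEventListener('securitypolicyviolation', e => {
    const predicted = imgSrcAllows(POLICY, e.blockedURI, location.origin);
    console.log(e.effectiveDirective, e.blockedURI, 'model allows:', predicted);
  });
}
```

Served on a page that sends `POLICY` as its Content-Security-Policy header, `<my-picture src="https://other.example/a.png">` produces a violation report while a same-origin `src` loads normally.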