- From: Ian Melven <imelven@mozilla.com>
- Date: Tue, 30 Apr 2013 11:07:47 -0700 (PDT)
- To: WebAppSec WG <public-webappsec@w3.org>
Hi, recently Jonas Sicking raised the idea of having a CSP directive that would block usage of innerHTML the primary motivation for doing this seems to be additional defence in depth on top of CSP already restricting script and style injections i'm curious what others think of this idea and looking for feedback :) thanks, ian
Received on Tuesday, 30 April 2013 18:08:14 UTC