CSP 1.1 and image loading elements/attributes from Yoav Weiss on 2013-08-26 (public-webappsec@w3.org from August 2013)

From: Yoav Weiss <yoav@yoav.ws>
Date: Mon, 26 Aug 2013 23:08:54 +0200
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CACj=BEjLHjhqUe1fCor1uGpdON0qL7oCGDnJ0ew_-q2kSKVXSw@mail.gmail.com>

A few months ago there was a discussion on this list regarding the current
definition of image sources [1] and the fact that it includes an explicit
(and partial) list of element that may load images.
The conclusion was that finding a generic way to say "elements that load
images" would be better [2].

The introduction of the srcset attribute in WebKit amplifies the need for
such generic phrasing.

What is the status of this change? Is it waiting
onhttp://fetch.spec.whatwg.org/to include resource types?

Yoav

[1]
https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#dfn-allowed-image-sources
[2] http://lists.w3.org/Archives/Public/public-webappsec/2013Apr/0068.html

Received on Monday, 26 August 2013 21:09:21 UTC