W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2013

CSP 1.1 and image loading elements/attributes

From: Yoav Weiss <yoav@yoav.ws>
Date: Mon, 26 Aug 2013 23:08:54 +0200
Message-ID: <CACj=BEjLHjhqUe1fCor1uGpdON0qL7oCGDnJ0ew_-q2kSKVXSw@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
A few months ago there was a discussion on this list regarding the current
definition of image sources [1] and the fact that it includes an explicit
(and partial) list of element that may load images.
The conclusion was that finding a generic way to say "elements that load
images" would be better [2].

The introduction of the srcset attribute in WebKit amplifies the need for
such generic phrasing.

What is the status of this change? Is it waiting
onhttp://fetch.spec.whatwg.org/to include resource types?

Yoav

[1]
https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#dfn-allowed-image-sources
[2] http://lists.w3.org/Archives/Public/public-webappsec/2013Apr/0068.html
Received on Monday, 26 August 2013 21:09:21 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC