- From: Hill, Brad <bhill@paypal-inc.com>
- Date: Fri, 1 Feb 2013 04:32:49 +0000
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Friday, 1 February 2013 04:33:19 UTC
I recently noticed the following proposal for custom elements in HTML: https://www.w3.org/Bugs/Public/show_bug.cgi?id=18669#c48 We should think about how to handle these in CSP. To my knowledge (please correct me) this is the first time there has been a notion of extension/inheritance in HTML tags. This may be the easiest way to deal with these elements - policies apply to the described elements and any custom elements that descend from them. For elements that are declared de-novo but have "active" or script-equivalent semantics, the case is a little more tricky. Ideas? -Brad Hill
Received on Friday, 1 February 2013 04:33:19 UTC