W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2013

[webappsec] Handling custom elements in CSP

From: Hill, Brad <bhill@paypal-inc.com>
Date: Fri, 1 Feb 2013 04:32:49 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E278EB886@DEN-EXDDA-S12.corp.ebay.com>
I recently noticed the following proposal for custom elements in HTML:


We should think about how to handle these in CSP.  To my knowledge (please correct me) this is the first time there has been a notion of extension/inheritance in HTML tags.  This may be the easiest way to deal with these elements - policies apply to the described elements and any custom elements that descend from them.

For elements that are declared de-novo but have "active" or script-equivalent semantics, the case is a little more tricky.


-Brad Hill
Received on Friday, 1 February 2013 04:33:19 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:31 UTC