- From: Adam Barth <w3c@adambarth.com>
- Date: Sun, 2 Jun 2013 11:37:55 -0700
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Garrett Robinson <grobinson@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Sun, Jun 2, 2013 at 10:59 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: >>The main use case I see for nonce-source is to whitelist >> inline content that is difficult to move out-of-line. > > On the other hand, for scripts and styles, the nonce overrides src > directives even for external content. I wouldn't say it "overrides" src directives. It's just a source-expression, and it works in the same way as other source-expressions. Adam
Received on Sunday, 2 June 2013 18:38:55 UTC