- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 06 Jun 2013 12:35:22 -0400
- To: public-webappsec@w3.org
On 6/6/13 10:11 AM, Anne van Kesteren wrote: > Gordon put together a wiki page that lists the different fetching > contexts with respect to sniffing. On my request he also added a > column for CSP: > > http://wiki.whatwg.org/wiki/Contexts > > It's not entirely clear yet to me what the right layering is for > Fetch/MIME sniffing/CSP. Thoughts appreciated. We should probably add at least workers, XMLHttpRequest, SVG resource documents, document.load, XSLT. Probably eventually the components import stuff. Does EventSource do a fetch internally? I'm not sure whether any UAs fetch DTDs in practice, but if so they should be added too. <object> might need to be a separate context from "nested browsing" and "plugin", possibly. It really depends on how the spec for it reads. -Boris
Received on Thursday, 6 June 2013 16:35:54 UTC