
Re: Content Security Policy

From: Neil Matatall <neilm@twitter.com>
Date: Sat, 15 Jun 2013 02:00:46 -0400
Message-ID: <CAOFLtbgWkEJhvz1+Q5Qm6h8YJk3Cbfv6ew_3Uv-0jBCmpKrXNQ@mail.gmail.com>
To: Евнгений Яременко <w3techplayground@gmail.com>
Cc: public-webappsec@w3.org

This is the script-hash proposal. I would love it if we discussed this more
as it has numerous benefits over a nonce as well as complications :)

On Jun 15, 2013 1:11 AM, "Евнгений Яременко" <w3techplayground@gmail.com> wrote:

> Is it possible to verify (whitelist) an inline script block via a checksum
> of its logic (uniform) as an alternative to "Nonce"? I.e., send a checksum
> of the allowed script via a header, and if the inlined script's checksum is
> the same, it's allowed to execute.
Received on Saturday, 15 June 2013 06:01:13 UTC
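
The check asked about in the quoted question, written out as an added example that is not part of either message: the server lists a digest of each approved inline script in the policy header, and the script runs only if its own digest matches. It assumes the `'sha256-…'` source-expression form that CSP Level 2 later defined for `script-src`, which this thread does not specify; the function names, sample script and policy are constructed.

```python
import base64
import hashlib
import re

# Digest algorithms accepted in CSP Level 2 hash-source expressions.
ALGORITHMS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384,
              "sha512": hashlib.sha512}
HASH_SOURCE = re.compile(r"^'(sha256|sha384|sha512)-[A-Za-z0-9+/]+={0,2}'$")


def hash_source(script_text, algorithm="sha256"):
    """Build the source expression a server would send for one inline script.

    The digest covers the exact text between <script> and </script>.
    """
    digest = ALGORITHMS[algorithm](script_text.encode("utf-8")).digest()
    return "'%s-%s'" % (algorithm, base64.b64encode(digest).decode("ascii"))


def allowed_hashes(policy):
    """Collect the hash-source tokens of the policy's script-src directive."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "script-src":
            # Only the first script-src counts; later duplicates are ignored.
            return {t for t in tokens[1:] if HASH_SOURCE.match(t)}
    return set()


def inline_script_allowed(policy, script_text):
    """True when a digest of the script is listed in the policy."""
    allowed = allowed_hashes(policy)
    return any(hash_source(script_text, alg) in allowed for alg in ALGORITHMS)


# Constructed sample data: one approved inline script and a policy listing it.
APPROVED = "document.title = 'hello';"
POLICY = "default-src 'self'; script-src 'self' " + hash_source(APPROVED)

if __name__ == "__main__":
    print(POLICY)
    print("approved script:", inline_script_allowed(POLICY, APPROVED))
    # One extra byte changes the digest, so injected or edited markup is refused.
    print("modified script:", inline_script_allowed(POLICY, APPROVED + " "))
```

Unlike a nonce, the value in the header depends only on the script text, so the same policy can be sent with every response that carries that script.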
