- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 21 Jun 2013 10:33:27 +0900
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: Gordon Hemsley <me@gphemsley.org>, Adam Barth <w3c@adambarth.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Jun 20, 2013 at 11:17 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote: > On 6/20/13 3:27 AM, Anne van Kesteren wrote: >> Workers are covered by script-src. > > Is that actually specified somewhere? > >> HTML component imports are covered by script-src (for >> now). > > Likewise. https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-src -- http://annevankesteren.nl/
Received on Friday, 21 June 2013 01:33:57 UTC