W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2013

Re: Fetching contexts

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 21 Jun 2013 10:33:27 +0900
Message-ID: <CADnb78gEnT86ZLeog7MyV0Nk_Oeo+3a30jP0ko+ADzzNB0KQ9A@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Gordon Hemsley <me@gphemsley.org>, Adam Barth <w3c@adambarth.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Jun 20, 2013 at 11:17 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 6/20/13 3:27 AM, Anne van Kesteren wrote:
>> Workers are covered by script-src.
>
> Is that actually specified somewhere?
>
>> HTML component imports are covered by script-src (for
>> now).
>
> Likewise.

https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-src


--
http://annevankesteren.nl/
Received on Friday, 21 June 2013 01:33:57 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC