- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 25 Mar 2013 21:31:16 +0000
- To: "Hill, Brad" <bhill@paypal-inc.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Mar 25, 2013 at 9:13 PM, Hill, Brad <bhill@paypal-inc.com> wrote: > Please take a look. I’d especially like feedback as to whether the webIDL > definitions of the interface as “partial” rather than extending the CSP 1.1 > directives is the correct choice. It's not really clear to me what you mean here. "partial" is an extension by definition. A "partial UIEvent" is lacking to define the unsafe property. I noticed "blocked-target-xpath". It's not really clear to me we want to add a dependency on XPath. We don't have that anywhere else. And in fact this is a new kind of requirement, where you have a node and want to generate a path to it, which is something we have nowhere as far as I know. In general this specification lacks a model. There's a bunch of features and descriptions of them, but it is not exactly clear where they matter in an implementation. -- http://annevankesteren.nl/
Received on Monday, 25 March 2013 21:31:55 UTC