- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Thu, 16 May 2013 10:09:03 -0700
- To: Eduardo' Vela <evn@google.com>
- CC: public-webappsec@w3.org
Received on Thursday, 16 May 2013 17:09:35 UTC
On 5/16/2013 9:56 AM, Eduardo' Vela wrote: > Usually ads problems come in the form of iframes redirecting to > different domains rather than scripts. "frame-src *" solves that, doesn't it? May not be as tight a policy as you would like but better than no CSP at all, especially if you can block unsafe-inline. > The result, at least short/medium term is going to be that sites with > ads won't use CSP, not the other way around (ads networks changing their > while business model for us). Sounds like a good market opportunity for Google :-) -Dan Veditz
Received on Thursday, 16 May 2013 17:09:35 UTC