W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2013

Re: CSP script hashes, inline and src'd

From: Garrett Robinson <grobinson@mozilla.com>
Date: Fri, 18 Oct 2013 18:31:42 -0700
Message-ID: <5261E0FE.2060404@mozilla.com>
To: public-webappsec@w3.org
On 10/18/2013 05:20 PM, Glenn Adams wrote:
> Are you referring to CSP's script nonces?

No, he is not. He is referring to the script hash proposal (see [1] for
the latest draft) which has the same goal as nonce-source (whitelisting
inline scripts/styles) but otherwise has a different design.

[1] http://lists.w3.org/Archives/Public/public-webappsec/2013Sep/0053.html
Received on Saturday, 19 October 2013 01:32:11 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:03 UTC