W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2014

Re: [CSP] SVG-in-img implementation difference

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 23 Apr 2014 14:36:02 +0200
Message-ID: <CADnb78jBwEJohda6z6sF_b8wOpFd5qC-5k+duJHgxeypr01+uA@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Ted Mielczarek <ted@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Apr 23, 2014 at 2:32 PM, Mike West <mkwst@google.com> wrote:
> If we want 'img-src' to restrict a page's ability to reference a GIF, then
> that restriction should apply regardless of whether the GIF is pulled in via
> <img> directly or indirectly.

I'm not sure I follow what you're saying or how it relates to what I wrote.

Received on Wednesday, 23 April 2014 12:36:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC