W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2014

Re: Worker / SharedWorker directive

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 25 Apr 2014 10:46:34 +0200
Message-ID: <CADnb78h7R8x7gNzQNB_dGaQjA+YkkG93dJx7DVMqOLa8md8SHg@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Fri, Apr 25, 2014 at 10:25 AM, Mike West <mkwst@google.com> wrote:
> My fault: removed Worker/SharedWorker from 'script-src' in
> https://github.com/w3c/webappsec/commit/ad525f13d111ba366b4fae9678b6097e5ee829ad.

Thanks.


> Note that 'importScripts' should still be controlled by the 'script-src'
> directive of whatever policy the Worker is running with.

Agreed.


-- 
http://annevankesteren.nl/
Received on Friday, 25 April 2014 08:47:01 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC