W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2014

Re: CSP formal objection.

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Tue, 04 Feb 2014 14:40:11 +0100
To: Brad Hill <hillbrad@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <o4r1f99iks8eq24a4dgjqmvd6cd4tohpi2@hive.bjoern.hoehrmann.de>
* Brad Hill wrote:
>Since we all agree about the PoC, but could argue for another few months
>about what exactly it means, would everyone be able to live with the
>following text:
>"When considering interactions between a resource's policy and
>user-initiated changes to that resource, for example through extension
>mechanisms or bookmarklets, user agent implementors SHOULD take in to
>account the HTML5 Priority of Constituencies (link) when determining
>whether to enforce or report on a policy violation that would be generated
>by such changes."

That is not acceptable, starting with the fact that the document in
question is a Working Draft that has not been updated since 2007 and
there would be problems making normative reference to a Working Draft
that is not likely to advance and does not have technical requirements.
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Tuesday, 4 February 2014 13:40:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC