W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2014

Re: Removal of the note about extensions

From: Mitar <mmitar@gmail.com>
Date: Mon, 24 Feb 2014 22:44:42 -0800
Message-ID: <CAKLmikO22awPCigAnvZhqXZPGckFi6wcF=CQX73ZvtwVuPtrPQ@mail.gmail.com>
To: Mike Pomax Kamermans <pomax@nihongoresources.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

On Mon, Feb 24, 2014 at 9:02 AM, Mike "Pomax" Kamermans
<pomax@nihongoresources.com> wrote:
> It would be even nicer if it could be made solution-agnostic, simply stating
> that UA are encouraged to allow users to override CSP either through
> UA-preferences or through third-party added functionality. If we come up
> with a third thing to supplement addons and bookmarklets, the suggested
> clause will run into an enumeration problem (it's hard to future-proof
> explicit lists).

I would really love to see bookmarklets explicitly mentioned.
Otherwise people made arguments that bookmarklets are not add-on or
extensions. For example, see this comment:


Simon is arguing that bookmarklets should not be allowed to inject
additional scripts into the page becase they are not extensions.


Received on Tuesday, 25 February 2014 06:45:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC