- From: Mitar <mmitar@gmail.com>
- Date: Mon, 24 Feb 2014 22:44:42 -0800
- To: Mike Pomax Kamermans <pomax@nihongoresources.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi! On Mon, Feb 24, 2014 at 9:02 AM, Mike "Pomax" Kamermans <pomax@nihongoresources.com> wrote: > It would be even nicer if it could be made solution-agnostic, simply stating > that UA are encouraged to allow users to override CSP either through > UA-preferences or through third-party added functionality. If we come up > with a third thing to supplement addons and bookmarklets, the suggested > clause will run into an enumeration problem (it's hard to future-proof > explicit lists). I would really love to see bookmarklets explicitly mentioned. Otherwise people made arguments that bookmarklets are not add-on or extensions. For example, see this comment: https://bugzilla.mozilla.org/show_bug.cgi?id=866522#c15 Simon is arguing that bookmarklets should not be allowed to inject additional scripts into the page becase they are not extensions. Mitar -- http://mitar.tnode.com/ https://twitter.com/mitar_m
Received on Tuesday, 25 February 2014 06:45:09 UTC