W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2014

Re: CSP Transition Tools

From: Yoav Weiss <yoav@yoav.ws>
Date: Fri, 17 Jan 2014 23:00:46 +0100
Message-ID: <CACj=BEhwzg1gnXYkb4xH+AGxA8N9ryH5QDuSDUAPssa-iBA98A@mail.gmail.com>
To: Neil Matatall <neilm@twitter.com>
Cc: Frederik Braun <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Jan 17, 2014 at 7:11 PM, Neil Matatall <neilm@twitter.com> wrote:

> Something like this?
> http://nmatatal.blogspot.com/2013/09/how-my-script-hash-poc-works.html
> This hack worked very, very well for rails apps (that don't use the
> javascript_tag helper)
>

Exactly like this (at least the inline script/style parts).
Why did it stay in the PoC phase? I'd imagine such a gem to be extremely
useful for production RoR sites.
Received on Friday, 17 January 2014 22:01:15 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC