Re: CSP Transition Tools from Yoav Weiss on 2014-01-17 (public-webappsec@w3.org from January 2014)

From: Yoav Weiss <yoav@yoav.ws>
Date: Fri, 17 Jan 2014 23:00:46 +0100
To: Neil Matatall <neilm@twitter.com>
Cc: Frederik Braun <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CACj=BEhwzg1gnXYkb4xH+AGxA8N9ryH5QDuSDUAPssa-iBA98A@mail.gmail.com>

On Fri, Jan 17, 2014 at 7:11 PM, Neil Matatall <neilm@twitter.com> wrote:

> Something like this?
> http://nmatatal.blogspot.com/2013/09/how-my-script-hash-poc-works.html
> This hack worked very, very well for rails apps (that don't use the
> javascript_tag helper)
>

Exactly like this (at least the inline script/style parts).
Why did it stay in the PoC phase? I'd imagine such a gem to be extremely
useful for production RoR sites.

Received on Friday, 17 January 2014 22:01:15 UTC