- From: Glenn Adams <glenn@skynav.com>
- Date: Mon, 27 Jan 2014 11:28:31 -0700
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CACQ=j+eRLYMJ-5YGVrk54F3cZ80aNsQk9n4NQaeQgv2GZZ565A@mail.gmail.com>
Forwarding to WG ML for wider input. ---------- Forwarded message ---------- From: Mike West <mkwst@google.com> Date: Mon, Jan 27, 2014 at 11:25 AM Subject: Re: CSP formal objection. To: Glenn Adams <glenn@skynav.com> Great, thanks for putting this together. Would you mind making this proposal publicly to the list so we can try to come to consensus ahead of Wednesday's call? -mike -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Mon, Jan 27, 2014 at 10:19 AM, Glenn Adams <glenn@skynav.com> wrote: > > > > On Mon, Jan 27, 2014 at 10:10 AM, Mike West <mkwst@google.com> wrote: > >> Hey Glenn, >> >> Where do you feel we are with >> https://www.w3.org/Bugs/Public/show_bug.cgi?id=23357 ? I'd like to get >> CSP 1.1 to last call relatively soon, so I'd like to understand what you >> think needs to happen in order for you to consider your objection dealt >> with in a way you're happy with. >> > > *Option #1* > > Our preference would be to simply *remove* the following text from 3.2.3: > > "Enforcing a policy *should not* interfere with the operation of > user-supplied scripts such as third-party user-agent add-ons and JavaScript > bookmarklets." > > *Option #2* > > However, absent removing this text, we could accept changing this to a > note with a slight rewrite: > > "*Note:* A user agent may enforce a policy with respect to the operation > of user-supplied scripts such as third-party user-agent add-ons and > JavaScript bookmarklets." > > *Option #3 * > > Our actual preference would be to restate the original text as: > > "A user agent must enforce a policy with respect to the operation of > user-supplied scripts such as third-party user-agent add-ons and JavaScript > bookmarklets." > > But we think the group won't accept this, thus we can accept (at this > juncture) either option #1 or #2 or some equivalent. > > Regards, > Glenn (for CoxCom) > > >> >> Thanks! >> >> -mike >> >> -- >> Mike West <mkwst@google.com> >> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 >> >> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany >> Registergericht und -nummer: Hamburg, HRB 86891 >> Sitz der Gesellschaft: Hamburg >> Geschäftsführer: Graham Law, Christine Elizabeth Flores >> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) >> > >
Received on Monday, 27 January 2014 18:29:19 UTC