Re: CSP formal objection.

I've landed
https://github.com/w3c/webappsec/commit/cbfaa8edfadebf21a9c7428242c12e45934d8c55into
the working draft. I believe that addresses the objection. Glenn, do
you agree?

-mike

-Mike


On Tue, Jan 28, 2014 at 3:19 PM, Brian Smith <brian@briansmith.org> wrote:

> On Tue, Jan 28, 2014 at 12:57 PM, Anne van Kesteren <annevk@annevk.nl>
> wrote:
> >> On Mon, Jan 27, 2014 at 10:19 AM, Glenn Adams <glenn@skynav.com> wrote:
> >>> Option #1
> >>>
> >>> Our preference would be to simply remove the following text from 3.2.3:
> >>>
> >>> "Enforcing a policy should not interfere with the operation of
> >>> user-supplied scripts such as third-party user-agent add-ons and
> JavaScript
> >>> bookmarklets."
> >
> > This makes the most sense to me. Web standards have no business
> > talking about UI-level features.
>
> I also agree. The intent is to protect addon developers and addon
> users from having websites disabling their addon functionality. But,
> even within Mozilla there isn't complete agreement on how to interpret
> that text, and I doubt that there's going to be broad agreement across
> implementations.
>
> Cheers,
> Brian
> --
> Mozilla Networking/Crypto/Security (Necko/NSS/PSM)
>
>

Received on Wednesday, 29 January 2014 16:42:49 UTC