
Re: CSP formal objection.

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Wed, 29 Jan 2014 20:24:27 +0100
To: "Hill, Brad" <bhill@paypal.com>
Cc: Mike West <mkwst@chromium.org>, Brian Smith <brian@briansmith.org>, "Anne van Kesteren" <annevk@annevk.nl>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <3mkie9lnta82kmqirmuoopk7d399bjjo9r@hive.bjoern.hoehrmann.de>
* Hill, Brad wrote:
>Thank you, everyone, for working together to a mutually agreeable conclusion.

There is nothing agreeable about the removal of the text in question.
CSP is meant to be implemented by user agents, and the requirement in
question is there to ensure CSP will not be abused to act against the
interests of the user as part of some kind of digital repression
mechanism. Clearly, if browsers let CSP interfere with user-controlled
scripts, they become an agent of someone other than the user. If the
text is not restored, someone will have to bring this to the attention
of the W3C Director and the Advisory Committee.
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Wednesday, 29 January 2014 19:24:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC