- From: Hill, Brad <bhill@paypal.com>
- Date: Wed, 29 Jan 2014 19:30:00 +0000
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- CC: Mike West <mkwst@chromium.org>, Brian Smith <brian@briansmith.org>, "Anne van Kesteren" <annevk@annevk.nl>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Bjoern, I think the removal of the text simply leaves the matter open to each user agent to implement the interactions between CSP and add-ons according to their own best ability and whatever priority of constituencies they already follow. It neither implies interference nor non-interference. Sincerely, Brad Hill > On Jan 29, 2014, at 11:24 AM, "Bjoern Hoehrmann" <derhoermi@gmx.net> wrote: > > * Hill, Brad wrote: >> Thank you, everyone, for working together to a mutually agreeable conclusion. > > There is nothing agreeable about the removal of the text in question. > CSP is meant to be implemented by user agents, and the requirement in > question is there to ensure CSP will not be abused to act against the > interests of the user as part of some kind of digital repression me- > chanism. Clearly, if browsers let CSP interfere with user-controlled > scripts, they become an agent of someone other than the user. If the > text is not restored, someone will have to bring this to the attention > of the W3C Director and the Advisory Committee. > -- > Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de > Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de > 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Wednesday, 29 January 2014 19:30:29 UTC