W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2014

CSP sandboxing and workers

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sun, 1 Jun 2014 10:04:08 +0200
Message-ID: <CADnb78gCsaG1vtGiV_pjZ_McwTN4axMs0qDO13dTET0wj=tn8Q@mail.gmail.com>
To: WebAppSec WG <public-webappsec@w3.org>
Cc: Ian Hickson <ian@hixie.ch>
We should note in the specification that sandboxing only has effect
when CSP applies to a global environment associated with a browsing
context. It wouldn't apply to workers or e.g. a document fetched
through XMLHttpRequest.

However, we might want to have it apply to workers, maybe we should
introduce that?

Received on Sunday, 1 June 2014 08:04:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC