Re: [CSP] enforcement on non text-html resources

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 4 Jun 2014 18:37:25 +0200
Message-ID: <CADnb78iJ9=4MU_KKDK+LZfGEjxSQ9_+Q=-HHeuGdrqpHZN_B7A@mail.gmail.com>
To: Neil Matatall <neilm@twitter.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

On Wed, Jun 4, 2014 at 6:29 PM, Neil Matatall <neilm@twitter.com> wrote:
> I've already put up a patch to stop applying CSP to this resource. Was
> that the right thing to do?

Per the HTML Standard a document is to be created if such resources
are loaded in a browsing context. CSP should apply to that.


-- 
http://annevankesteren.nl/
Received on Wednesday, 4 June 2014 16:37:53 UTC