W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2014

RE: CSP Spec question

From: Hill, Brad <bhill@paypal.com>
Date: Fri, 30 May 2014 16:58:51 +0000
To: Adam Gray <adam@trackif.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E35DFC1FB@DEN-EXDDA-S12.corp.ebay.com>
Adam,

 This is indeed the right place.  I might suggest starting with a search of our email archives for context, as this has been a highly-debated topic in the past.
       
       e.g.
       
       http://www.w3.org/Search/Mail/Public/search?keywords=bookmarklets&hdr-1-name=subject&hdr-1-query=&index-grp=Public_FULL&index-type=t&type-index=public-webappsec 

-Brad Hill

-----Original Message-----
From: Adam Gray [mailto:adam@trackif.com] 
Sent: Tuesday, May 27, 2014 8:30 PM
To: public-webappsec@w3.org
Subject: CSP Spec question 

Hello all!

Would this be the correct forum to email regarding some spec related questions? Specifically as they pertain to Bookmarklet/extension/plugin related functionality? I see the direction this spec is heading and a few pieces, in regards to the aforementioned tech, concern me. I would like to give my opinion and possibly understand a bit better the potential workarounds against the current (and future) implementations. 

There is a high probability I simply lack the domain level knowledge to understand the direction chosen and a viable solution is in place for user-originating injection scripts. Or not. Hence the email! 

Thanks in advance!

And thank you Mike West for directing me this way. 

Cheers,
@adizam

Sent from my iPhone
Received on Friday, 30 May 2014 16:59:21 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC