- From: Hill, Brad <bhill@paypal.com>
- Date: Fri, 30 May 2014 16:58:51 +0000
- To: Adam Gray <adam@trackif.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Adam,
This is indeed the right place. I might suggest starting with a search of our email archives for context, as this has been a highly-debated topic in the past.
e.g.
http://www.w3.org/Search/Mail/Public/search?keywords=bookmarklets&hdr-1-name=subject&hdr-1-query=&index-grp=Public_FULL&index-type=t&type-index=public-webappsec
-Brad Hill
-----Original Message-----
From: Adam Gray [mailto:adam@trackif.com]
Sent: Tuesday, May 27, 2014 8:30 PM
To: public-webappsec@w3.org
Subject: CSP Spec question
Hello all!
Would this be the correct forum to email regarding some spec related questions? Specifically as they pertain to Bookmarklet/extension/plugin related functionality? I see the direction this spec is heading and a few pieces, in regards to the aforementioned tech, concern me. I would like to give my opinion and possibly understand a bit better the potential workarounds against the current (and future) implementations.
There is a high probability I simply lack the domain level knowledge to understand the direction chosen and a viable solution is in place for user-originating injection scripts. Or not. Hence the email!
Thanks in advance!
And thank you Mike West for directing me this way.
Cheers,
@adizam
Sent from my iPhone
Received on Friday, 30 May 2014 16:59:21 UTC