- From: Mike West <mkwst@google.com>
- Date: Mon, 3 Nov 2014 14:43:35 +0100
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Monday, 3 November 2014 13:44:24 UTC
On Mon, Nov 3, 2014 at 2:36 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 11/3/14, 8:24 AM, Mike West wrote:
>
>> I've started putting together a strawman DOM API for discussion:
>> https://w3c.github.io/webappsec/specs/content-security-policy/#strawman-dom-api
>
> Mike, why is SecurityPolicySource marked NoInterfaceObject?

I think of it as a pure virtual interface which SecurityPolicySourceURL, SecurityPolicySourceHash, and SecurityPolicySourceNonce implement. I suppose this doesn't actually require marking it as NoInterfaceObject, however.

> Similar for SecurityPolicyDirective.

Ditto. It would be implemented by SecurityPolicySourceListDirective, SecurityPolicyMediaTypeDirective, and SecurityPolicyToBeDeterminedDirective.

> Please don't use IDL arrays; pick a sane type for
> SecurityPolicySourceListDirective.sources and SecurityPolicy.directives.

Those are arrays only because Bikeshed is rejecting `sequence<SecurityPolicySource>`. Conceptually, however, I hope the strawman is at least clear as to how I'd suggest structuring things for source list directives: SecurityPolicy holds and exposes a set of Directives, which hold and expose a set of SecurityPolicySources.

-mike
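
The structure described in the message above (a SecurityPolicy exposing Directives, which expose SecurityPolicySources), sketched as an added JavaScript example that is not part of the original email or of the spec's strawman. The class names are taken from the message; the constructors, fields, `parseSource`, `parsePolicy`, the directive classification and the sample header are assumptions made for illustration.

```javascript
// Added sketch: class names come from the email; everything else is assumed.
class SecurityPolicySource { constructor(text) { this.text = text; } }
class SecurityPolicySourceURL extends SecurityPolicySource {}
class SecurityPolicySourceHash extends SecurityPolicySource {}
class SecurityPolicySourceNonce extends SecurityPolicySource {}

class SecurityPolicyDirective {
  constructor(name, value) { this.name = name; this.value = value; }
}
class SecurityPolicySourceListDirective extends SecurityPolicyDirective {
  constructor(name, value, sources) { super(name, value); this.sources = sources; }
}
class SecurityPolicyMediaTypeDirective extends SecurityPolicyDirective {
  constructor(name, value, mediaTypes) { super(name, value); this.mediaTypes = mediaTypes; }
}

// Classify one source expression. Quoted keywords such as 'self' stay on the
// base class here, since the email names only URL, hash and nonce subtypes.
function parseSource(token) {
  if (/^'nonce-[A-Za-z0-9+\/_-]+={0,2}'$/.test(token)) return new SecurityPolicySourceNonce(token);
  if (/^'sha(256|384|512)-[A-Za-z0-9+\/_-]+={0,2}'$/.test(token)) return new SecurityPolicySourceHash(token);
  if (token.startsWith("'")) return new SecurityPolicySource(token);
  return new SecurityPolicySourceURL(token);
}

// Assumed rule for which directives carry a source list.
const SOURCE_LIST = /-src$|^(form-action|frame-ancestors|base-uri)$/;

class SecurityPolicy {
  constructor(directives) { this.directives = directives; } // in header order
  get(name) { return this.directives.find(d => d.name === name); }
}

function parsePolicy(header) {
  const seen = new Set(), directives = [];
  for (const part of header.split(";")) {
    const [rawName, ...tokens] = part.trim().split(/\s+/);
    const name = (rawName || "").toLowerCase();
    if (!name || seen.has(name)) continue; // a repeated directive is ignored
    seen.add(name);
    const value = tokens.join(" ");
    if (SOURCE_LIST.test(name))
      directives.push(new SecurityPolicySourceListDirective(name, value, tokens.map(parseSource)));
    else if (name === "plugin-types")
      directives.push(new SecurityPolicyMediaTypeDirective(name, value, tokens));
    else directives.push(new SecurityPolicyDirective(name, value));
  }
  return new SecurityPolicy(directives);
}

// Constructed sample header; the nonce and hash values are placeholders.
const SAMPLE = "default-src 'self'; script-src https://cdn.example 'nonce-abc123' " +
  "'sha256-AAAA'; plugin-types application/pdf; script-src *; sandbox";
```

With a typed model like this, a policy audit can ask whether `script-src` contains any nonce or hash source without re-parsing the header string, and the ignored second `script-src *` never appears in the result.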