W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: CSP3: DOM API Strawman

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Tue, 4 Nov 2014 11:50:14 -0800
Message-ID: <CAPfop_2bcfj9LVa8kxX_ZdPThXHu8CO7m7AUEjuXX330ZOJ35g@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Is there a discussion or design document about what sort of problems
the DOM API is trying to solve? For example, as a CSP user, I would
love to be able to modify the policy. This doesn't seem to address
that right now. What it does address is "will this request succeed";
but given the ViolationEvent Interface, isn't that really easy to
check -- just try to make the request and see if the violation event
is thrown?

--dev

On 3 November 2014 11:46, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 11/3/14, 8:59 AM, Mike West wrote:
>>
>> It would be good to be able to walk through the
>> list with a `forEach` in order to determine whether a specific Request
>> or Node matched an item in the list.
>
>
> Sure, but matchesNode is only exposed on two of these interfaces, right?
> And matchesURL on the third one?  And then have nothing else in common.
>
> I think having a common ancestor is fine, but a union type would be fine in
> this case too.  If there were a common method, of course, the common
> ancestor interface would definitely be what we want.
>
> -Boris
>
Received on Tuesday, 4 November 2014 19:51:01 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC