W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

webappsec-ISSUE-70 (Using ni:/// as CSP source): Investigate using ni:/// as a CSP source expression [CSP Next]

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Tue, 04 Nov 2014 22:46:37 +0000
Message-Id: <E1Xlms1-0007aR-J4@stuart.w3.org>
To: public-webappsec@w3.org
webappsec-ISSUE-70 (Using ni:/// as CSP source): Investigate using ni:/// as a CSP source expression [CSP Next]

http://www.w3.org/2011/webappsec/track/issues/70

Raised by: Brad Hill
On product: CSP Next

For both use of subresource integrity to whitelist e.g. CDN content that may be assumed to be potentially untrustworthy and to allow more granular listing of particular data: or blob: resources, investigate the possibility of expanding the CSP source productions and processing rules to include ni:/// uris.
Received on Tuesday, 4 November 2014 22:46:38 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC