Re: [CSP] Clarifications on nonces

> I agree, and I think this is maybe the key design point of the CSP
> hash and CSP nonce mechanisms: Maybe the goal isn't to create secure
> ways of doing inline script and inline CSS, but rather the goal is
> only to make them *less unsafe*. Perhaps this is something to note in
> the security considerations for both mechanisms.



Received on Friday, 7 November 2014 22:51:16 UTC