- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 10 Nov 2014 09:58:45 +0100
- To: Brian Smith <brian@briansmith.org>
- Cc: Daniel Veditz <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Nov 10, 2014 at 3:45 AM, Brian Smith <brian@briansmith.org> wrote: > More generally, as people add stuff to the (WHATWG) HTML Standard, > they need a way of specifying how CSP works for it, and/or a way to > define new CSP directives for that stuff, without waiting for a new > level of CSP to go through standardization at W3C. This is addressed by defining CSP in terms of Fetch and defining new features in terms of Fetch. That way CSP blocking will naturally fall out. And this would cover everything. We already discussed this to some extent on this very list though and I thought this was already agreed, but it seems to be new so I guess if there are any questions on this plan, Mike and I can elaborate. -- https://annevankesteren.nl/
Received on Monday, 10 November 2014 08:59:11 UTC