W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts

From: Florian Weber <fweber@rebrush.de>
Date: Tue, 21 Oct 2014 13:14:20 +0200
Message-ID: <CABHFno3S+_aYMYYmma8UcgWQpt1TKT+GN+Wnhi=jZU7Eya-OxA@mail.gmail.com>
To: public-webappsec@w3.org
I think this Issue is not solved or discussed.
Is anybody else seeing Problems here for adoption in the wild?

There are a lot of Tracking and Advertisment Scripts out there and I think
it would be a lot easier to adopt CSP (without the use of unsafe-inline) if
the behavior would be changed.

Any other opinions?

Über mich bei Google Plus
<http://@fwebdev>, XING <https://www.xing.com/profile/Florian_Weber7>
Received on Tuesday, 21 October 2014 11:14:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:41 UTC