W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts

From: Florian Weber <fweber@rebrush.de>
Date: Tue, 21 Oct 2014 13:14:20 +0200
Message-ID: <CABHFno3S+_aYMYYmma8UcgWQpt1TKT+GN+Wnhi=jZU7Eya-OxA@mail.gmail.com>
To: public-webappsec@w3.org
I think this Issue is not solved or discussed.
Is anybody else seeing Problems here for adoption in the wild?

There are a lot of Tracking and Advertisment Scripts out there and I think
it would be a lot easier to adopt CSP (without the use of unsafe-inline) if
the behavior would be changed.

Any other opinions?

-- 
Über mich bei Google Plus
<https://plus.google.com/103885057599472805071/posts>,Twitter
<http://@fwebdev>, XING <https://www.xing.com/profile/Florian_Weber7>
Received on Tuesday, 21 October 2014 11:14:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC