Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts from Anne van Kesteren on 2014-10-21 (public-webappsec@w3.org from October 2014)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 21 Oct 2014 13:43:04 +0200
To: Florian Weber <fweber@rebrush.de>
Cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CADnb78i2AWNmHb_tAfsMYrWaf8UMZ2x53L-LhGy9ezTv3o9uxg@mail.gmail.com>

On Tue, Oct 21, 2014 at 1:14 PM, Florian Weber <fweber@rebrush.de> wrote:
> There are a lot of Tracking and Advertisment Scripts out there and I think
> it would be a lot easier to adopt CSP (without the use of unsafe-inline) if
> the behavior would be changed.

How do you envision changing the behavior while retaining the security?


-- 
https://annevankesteren.nl/

Received on Tuesday, 21 October 2014 11:43:33 UTC