W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 21 Oct 2014 13:43:04 +0200
Message-ID: <CADnb78i2AWNmHb_tAfsMYrWaf8UMZ2x53L-LhGy9ezTv3o9uxg@mail.gmail.com>
To: Florian Weber <fweber@rebrush.de>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Tue, Oct 21, 2014 at 1:14 PM, Florian Weber <fweber@rebrush.de> wrote:
> There are a lot of Tracking and Advertisment Scripts out there and I think
> it would be a lot easier to adopt CSP (without the use of unsafe-inline) if
> the behavior would be changed.

How do you envision changing the behavior while retaining the security?

Received on Tuesday, 21 October 2014 11:43:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:41 UTC