- From: Brad Hill <hillbrad@gmail.com>
- Date: Thu, 30 Oct 2014 12:43:13 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>
Should the subject of this thread reference CSP rather than MIX? CSP currently says nothing normative about user controls, except what you might infer from the note about processing bookmarklets, etc. in http://www.w3.org/TR/CSP2/#processing-model. I believe we want to leave it that way. (saying nothing and leaving this choice to user agents) On Thu, Oct 30, 2014 at 7:11 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Thu, Oct 30, 2014 at 3:03 PM, Mike West <mkwst@google.com> wrote: >> What do you mean? What controls do folks want for CSP that we're not >> offering? > > When I explained CSP to people they thought it was similar to Mixed > Content and could be overridden by the end user. It might be > worthwhile to point out in the specification that won't happen. > > > -- > https://annevankesteren.nl/ >
Received on Thursday, 30 October 2014 19:43:41 UTC