- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 31 Oct 2014 08:50:26 +0100
- To: Brad Hill <hillbrad@gmail.com>
- Cc: Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 30, 2014 at 8:43 PM, Brad Hill <hillbrad@gmail.com> wrote: > Should the subject of this thread reference CSP rather than MIX? Perhaps. I thought it could be called out here since this is explicitly talking about user controls. > I believe we want to leave it that way. (saying nothing and leaving > this choice to user agents) Really? That sounds super bad. If my security policy blocks something, I don't want users to have the option to make themselves vulnerable. -- https://annevankesteren.nl/
Received on Friday, 31 October 2014 07:50:53 UTC