- From: Brad Hill <hillbrad@gmail.com>
- Date: Fri, 14 Aug 2015 23:25:59 +0000
- To: Jonathan Kingston <jonathan@jooped.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Friday, 14 August 2015 23:26:36 UTC
I like this idea a lot.

On Fri, Aug 14, 2015 at 3:22 PM Jonathan Kingston <jonathan@jooped.com> wrote:

> Hi WebAppSec,
>
> I have been thinking recently about how a subresource/external library
> could declare what their policy was.
>
> My current thinking is that this would be best served by a JSON
> representation of CSP policies which would aid the publisher in being able
> to merge several policies together without having to do a full audit of a
> third party code.
>
> The developer could simply merge in the new policy whilst still remaining
> with the most stringent policy possible. Currently this step is manual and
> I hope that this would allow it to become much more automated.
>
> Here is my super draft proposal:
> https://gist.github.com/jonathanKingston/5699b440f608960dc089
>
> Kind regards
> Jonathan
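
The merge step described in the quoted proposal, sketched as an added example that is not part of the thread or the linked gist. The JSON shape (directive name mapped to an array of source expressions), the function names and the sample policies are assumptions; the point shown is that a merge has to respect the `default-src` fallback and the `'none'` keyword to stay as strict as possible.

```javascript
// Added illustration: the JSON shape (directive name -> array of source
// expressions) is an assumption, not the format from the linked gist.
const FETCH_DIRECTIVES = new Set([
  "script-src", "style-src", "img-src", "font-src",
  "connect-src", "media-src", "object-src", "frame-src",
]);

// Source list that is actually in force for a directive, applying the
// default-src fallback that CSP uses for absent fetch directives.
function effectiveSources(policy, directive) {
  if (policy[directive]) return policy[directive];
  if (FETCH_DIRECTIVES.has(directive) && policy["default-src"]) {
    return policy["default-src"];
  }
  return null; // directive is unrestricted in this policy
}

// Union two source lists; 'none' only survives if nothing else is allowed.
function unionSources(a, b) {
  const merged = [...new Set([...a, ...b])].filter((s) => s !== "'none'");
  return merged.length ? merged : ["'none'"];
}

// Merge a library's declared requirements into the site policy, widening
// only the directives the library names.
function mergePolicy(site, library) {
  const result = {};
  for (const [d, srcs] of Object.entries(site)) result[d] = [...srcs];
  for (const [directive, needed] of Object.entries(library)) {
    const current = effectiveSources(site, directive);
    // If the site does not restrict this directive at all, adding it would
    // tighten the policy, which is the site owner's call; leave it absent.
    if (current === null) continue;
    result[directive] = unionSources(current, needed);
  }
  return result;
}

function serialize(policy) {
  return Object.entries(policy)
    .map(([d, srcs]) => `${d} ${srcs.join(" ")}`)
    .join("; ");
}

// Constructed sample policies.
const site = { "default-src": ["'self'"], "object-src": ["'none'"] };
const widget = { "script-src": ["https://cdn.example"], "img-src": ["data:"] };
console.log(serialize(mergePolicy(site, widget)));
```

Without the fallback step, the merged `script-src` would list only the library's origin and silently drop the `'self'` that `default-src` had been granting to scripts.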