W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: [CSP] Clarifications on nonces

From: Jim Manico <jim.manico@owasp.org>
Date: Mon, 9 Feb 2015 11:08:06 +0100
Message-ID: <-5951037444889157253@unknownmsgid>
To: Mike West <mkwst@google.com>
Cc: Brian Smith <brian@briansmith.org>, Devdatta Akhawe <dev.akhawe@gmail.com>, Daniel Veditz <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
> The general thrust is "Don't run third-party JavaScript in your site's context." and "Don't serve ads that require DOM access"

Mike, this shuts down the vast majority of the internet advertising
industry and doesn't seem realistic, especially for media-centric
endeavors. What is the endgame here, sandboxing or forcing the ad
industry to fundamentally change?

--
Jim Manico
@Manicode
(808) 652-3805

> On Feb 9, 2015, at 10:32 AM, Mike West <mkwst@google.com> wrote:
>
> The general thrust is "Don't run third-party JavaScript in your site's context." and "Don't serve ads that require DOM access
Received on Monday, 9 February 2015 10:08:36 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC