- From: Brad Hill <hillbrad@gmail.com>
- Date: Tue, 20 Jan 2015 18:40:30 +0000
- To: Jim Manico <jim.manico@owasp.org>, Vítor Magano <magano227@gmail.com>, public-webappsec@w3.org
Received on Tuesday, 20 January 2015 18:40:58 UTC
Chrome is the only implementation I know of right now supporting most of CSP 2 features - some downstream Blink based browsers like Opera may inherit it soon. Firefox supports the nonce and hash source expressions for inline content but I'm not aware of other support at this time. Not really sure about the state of the IE preview. -Brad On Mon Jan 19 2015 at 12:52:24 PM Jim Manico <jim.manico@owasp.org> wrote: > Vítor, > > Perhaps build a CSP2 set of test cases as part of your thesis? I am sure > the community would really like that research done. > > Aloha, > Jim > > > On 1/16/15 6:21 AM, Vítor Magano wrote: > > Hello, > I’m doing my thesis about Content Security Policy in Portugal and I’ve > been doing my research. I’ve found a lot of information but there is > something I can’t find, detailed information about browser support related > to Content Security Policy Level 2. I’ve found a website about Google > Chrome which says that starting from version 41 CSP2 will be enabled by > default but I still don’t know since when they have the experimental > implementation. I would like, if possible, to have this information related > with the main browsers. > > Best Regards, > -- > Vítor Magano > > >
Received on Tuesday, 20 January 2015 18:40:58 UTC