W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2015

Re: Every example fails

From: Mike West <mkwst@google.com>
Date: Fri, 12 Jun 2015 16:08:00 +0200
Message-ID: <CAKXHy=f5H-Zakcg0S7uwaB2xPK+OHfNtEuUW-yUvKFSzzmUmsw@mail.gmail.com>
To: Andrea Giammarchi <andrea.giammarchi@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
That sounds like a problem. :)

What browsers do you see this in? Would you mind filing a bug at
https://github.com/w3c/webappsec/issues/new?title=CSP: and I'll figure out
whether the spec's wrong or the browsers are wrong (and then fix the spec
either way, since browsers are shipping, and it's just a document... :) ).

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Wed, Jun 10, 2015 at 11:23 AM, Andrea Giammarchi <
andrea.giammarchi@gmail.com> wrote:

> This page used to work:
> http://webreflection.github.io/DOMContentLoaded/example.html
>
> now it fails.
>
> The example using sha512 in here also fails:
> http://www.w3.org/TR/CSP/#script-src-hash-usage
>
> if you use the sha256 version of the alert it fails too.
>
> Have inline behavior changed and the documentation needs some update or
> it's just my array of browsers that suddenly won't work anymore with CSP
> scripts?
>
> Thank you in advance for any sort of clarification.
>
Received on Friday, 12 June 2015 14:08:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC