- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 15 Feb 2016 10:55:31 +1100
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Artur Janc <aaj@google.com>, Lukas Weichselbaum <lwe@google.com>, Michele Spagnuolo <mikispag@google.com>
On 14 February 2016 at 16:39, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: > Personally, my preference for increasing complexity is in the order---web > apps and then browsers and then standards. The priority of constituencies would (perfectly) disagree on this point. https://www.w3.org/TR/html-design-principles/#priority-of-constituencies The thing I'm trying to wrap my head around is how this fits with the general CSP design pattern. How does adding this directive narrow the set of things that are permitted? It actually appears to do the opposite. The purpose being to give dynamically inserted scripts an exemption.
Received on Sunday, 14 February 2016 23:56:00 UTC