W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2016

Re: new meta tags to protect code visibility or immuatbility

From: Ahmed Saleh <ahmedzs@live.ca>
Date: Wed, 24 Feb 2016 04:03:47 -0500
Message-ID: <BLU405-EAS1364B7187A4A41763B88CE2ACA50@phx.gbl>
To: Daniel Veditz <dveditz@mozilla.com>
CC: Mitar <mmitar@gmail.com>, Brad Hill <hillbrad@gmail.com>, Craig Francis <craig.francis@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Some websites disable right click buttons and copying. Isn't that a violation of the rule as well? (I.e. Users should be allowed to copy contents but the feature is disabled)

Sent from my iPhone

> On Feb 24, 2016, at 3:45 AM, Daniel Veditz <dveditz@mozilla.com> wrote:
> You are indeed trolling. Making bookmarklets and some add-ons work when CSP is applied is _hard_. They are not broken because CSP-implementing browser vendors are valuing the page author over the user. We don't know how to balance a feature that wants random content injection and a feature that is trying to prevent content injection. Firefox does allow users to disable CSP entirely if they think it is interfering with their experience (users win, as the PoC says they should); I wouldn't be surprised if Chrome didn't also support that as an advanced option.
> -Dan Veditz
Received on Wednesday, 24 February 2016 09:04:18 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC