- From: Gervase Markham <gerv@mozilla.org>
- Date: Thu, 29 Mar 2007 09:57:47 +0100
Alexey Feldgendler wrote: > What's wrong with simply placing it after </body>? It may be in the future that the location of the script within the page affects its security status. http://www.gerv.net/security/content-restrictions/ (Or, to put it another way, authors may wish to put all their script e.g. within the <head> to allow them to use XSS mitigation measures.) Therefore, we should try, as far as possible, not to impose restrictions which dictate where in the page a particular script needs to be. Gerv
Received on Thursday, 29 March 2007 01:57:47 UTC