- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 08 Sep 2010 11:10:01 +0200
On Tue, 07 Sep 2010 22:57:27 +0200, Adam Barth <w3c at adambarth.com> wrote: > It sounds like CSP is creating sub-origin privileges. Sub-origin > privileges don't really work, so it's unclear to what a sensible > result would be. This is a problem with your alternative CSP proposal as well, no? https://wiki.mozilla.org/Security/CSP/AllowedScripts It prevents a bunch of things, but when loaded in an iframe someone else on the same-origin can still inject a script of some sorts. -- Anne van Kesteren http://annevankesteren.nl/
Received on Wednesday, 8 September 2010 02:10:01 UTC