- From: Adam Barth <w3c@adambarth.com>
- Date: Fri, 15 Nov 2013 09:01:22 -0800
- To: Yoav Weiss <yoav@yoav.ws>
- Cc: Markus Ernst <derernst@gmx.ch>, "Tab Atkins Jr." <jackalmage@gmail.com>, Ryosuke Niwa <rniwa@apple.com>, whatwg <whatwg@lists.whatwg.org>, "Jukka K. Korpela" <jkorpela@cs.tut.fi>, Markus Lanthaler <markus.lanthaler@gmx.net>
On Fri, Nov 15, 2013 at 9:00 AM, Yoav Weiss <yoav@yoav.ws> wrote:
> On Fri, Nov 15, 2013 at 4:20 PM, Adam Barth <w3c@adambarth.com> wrote:
>> My apologies. I thought Christian Biesinger addressed all these
>> concerns with his proposal:
>>
>> On Tue, Nov 12, 2013 at 5:56 PM, Christian Biesinger
>> <cbiesinger@google.com> wrote:
>> > For a bit more presentation, and while we're inventing new syntax
>> > anyway, how about this:
>> >
>> > <style>
>> > @media (min-width: 480px) {
>> > .artdirected { content: replaced url(attr(src-small)); }
>> > }
>> > @media (min-width: 600px) {
>> > .artdirected { content: replaced url(attr(src-medium)); }
>> > }
>> > @media (min-width: 800px) {
>> > .artdirected { content: replaced url(attr(src-big)); }
>> > }
>> > </style>
>> > ...
>> > <img class="artdirected" src="foo.jpg" src-small="foo-small.jpg"
>> > src-medium="foo-medium.jpg" src-big="foo-big.jpg">
>>
>> Specifically, his approach uses an <img> element, which addresses all
>> four of Maciej's concerns.
>
> You're right, Maciej's concerns were addressed by Christian's proposal (and
> John's followup proposal).
>
> Any thoughts on my concerns with making inline CSS mandatory (especially
> from the CSP angle)?
CSP 1.1 supports securing inline style and script with nonces and/or hashes.
Adam
Received on Friday, 15 November 2013 17:02:19 UTC