W3C home > Mailing lists > Public > whatwg@whatwg.org > December 2016

Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Fri, 2 Dec 2016 11:26:12 -0500
To: whatwg@lists.whatwg.org
Message-ID: <c5bb3453-f4ed-70e3-b2a4-6dc75b4e127a@mit.edu>
On 12/2/16 11:23 AM, Boris Zbarsky wrote:
>> (except for maybe with the new unsafe-inline option that requires
>> checksum in the head ???)
>
> unsafe-inline doesn't require a checksum.  See examples above.

It's also not new.  Certainly the November 2012 CR of CSP 1.0 [1] has 
unsafe-inline.

-Boris

[1] https://www.w3.org/TR/2012/CR-CSP-20121115/
Received on Friday, 2 December 2016 16:26:46 UTC

This archive was generated by hypermail 2.3.1 : Friday, 2 December 2016 16:26:46 UTC