Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

On 12/2/16 11:23 AM, Boris Zbarsky wrote:
>> (except for maybe with the new unsafe-inline option that requires
>> checksum in the head ???)
>
> unsafe-inline doesn't require a checksum.  See examples above.

It's also not new.  Certainly the November 2012 CR of CSP 1.0 [1] has 
unsafe-inline.

-Boris

[1] https://www.w3.org/TR/2012/CR-CSP-20121115/

Received on Friday, 2 December 2016 16:26:46 UTC