Hello all, We have been working hard lately to finish documenting the Content Security Policy proposal, which we plan to start implementing very soon. For those of you who have followed the progression of CSP, you have seen the model grow quite a bit in complexity. As one thinks through the CSP model, it becomes clear that a certain amount of complexity is in fact necessary for the model to be useful. I have done my best to describe the model and provide justification for the various restrictions here: http://people.mozilla.org/~bsterne/content-security-policy/details.html
We now have a specification document to work from (thanks, Sid!) and it and other supporting docs can be found on the Mozilla Wiki: https://wiki.mozilla.org/Security/CSP/Spec If you have feedback that you would like to share regarding Content Security Policy, please do so ASAP as the window for making changes to the model will soon be closing. Cheers, Brandon _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
