* Brandon Sterne:
> We now have a specification document to work from (thanks, Sid!) and
> it and other supporting docs can be found on the Mozilla Wiki:
> https://wiki.mozilla.org/Security/CSP/Spec

The policy does not say explicitly what happens to javascript: hyperlinks and the on* event handlers.

You shouldn't use an X- header because it's going to stick around and prevent standardization (see X-Complaints-To on Usenet).

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
