* Brandon Sterne: > On Apr 4, 10:39 am, Florian Weimer <[email protected]> wrote: >> The policy does not say explicitly what happens to javascript: >> hyperlinks and the on* event handlers. > > http://people.mozilla.org/~bsterne/content-security-policy/details.html#no-inline-script
Uhm, I meant to say, it's not in the spec. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
