On Tue, Oct 20, 2009 at 1:42 PM, Collin Jackson <mozi...@collinjackson.com> wrote: > I think we're completely in agreement, except that I don't think > making CSP modular is particularly hard. In fact, I think it makes the > proposal much more approachable because vendors can implement just > BaseModule (the CSP header syntax) and other modules they like such as > XSSModule without feeling like they have to implement the ones they > think aren't interesting. And they can experiment with their own > modules without feeling like they're breaking the spec.
I've factored the BaseModule out of the XSSModule, so it's clear that you could implement the HistoryModule without the XSSModule. I'd be happy to take a crack at breaking up the main CSP spec into modules on the wiki if you'd like to see what that would look like. I don't think it would be that hard. Adam _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
