Instead of arguing abstractly about design, I've written up a (mostly!) complete spec for an alternative CSP design:

https://wiki.mozilla.org/Security/CSP/Strawman

I've purposely gone overboard on the directives, but most of these directives are based on real feature requests I've received from web developers. I don't actually think we should do all of them in the first iteration. I just wanted to give you a flavor of the kinds of things you could do with this sort of mechanism.

Adam

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security