Perhaps I've been hanging around the IETF lists too long, but shouldn't all of the "MUST not" in the CSP spec really be "MUST NOT"?
http://www.ietf.org/rfc/rfc2119.txt - Bil _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security