Perhaps I've been hanging around the IETF lists too long, but shouldn't all of the "MUST not" in the CSP spec really be "MUST NOT"?
http://www.ietf.org/rfc/rfc2119.txt
- Bil
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
