On 3/19/13 4:12 AM, [email protected] wrote:
Thanks Boris, but what does that mean for me now?
Repeating my intention "that I want to send an identifier for some inline script tag
via a new CSP rule, check if an existing inline script tag owns this identifier and allow
its execution only in this case" I still ask myself: can I use shouldProcess() for
this?
I don't know. Have you checked whether ShouldProcess is called for
inline scripts?
Besides, you write that in some cases it might not get called for inline
scripts. Could you please explain these cases?
No, I wrote that it may not get called for them. Like at all, not in
some cases. I certainly see no indication that it is, but maybe it's
done in some roundabout way I'm missing.
-Boris
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
