X-IMHO-Hat: On
Purely regarding opt-in vs opt-out:
One significant advantage of the opt-out (of protections) approach
rather than the opt-in approach is that it generally maps well to
common web developer workflows.
The opt-out model generally requires web developers to model their
expec
On 28/10/09 16:23, Gervase Markham wrote:
> On 27/10/09 09:33, Adam Barth wrote:
>> My technical argument is as follows. I think that CSP would be better
>> off with a policy language where each directive was purely subtractive
>> because that design would have a number of simplifying effects:
>
On 27/10/09 09:33, Adam Barth wrote:
> My technical argument is as follows. I think that CSP would be better
> off with a policy language where each directive was purely subtractive
> because that design would have a number of simplifying effects:
CSP's precursor, Content Restrictions
http://www.
Instead of arguing abstractly about design, I've written up a
(mostly!) complete spec for an alternative CSP design:
https://wiki.mozilla.org/Security/CSP/Strawman
I've purposely gone overboard on the directives, but most of these
directives are based on real feature requests I've received from w
