On Mar 29, 11:46 am, Sid Stamm wrote:
> On 3/28/09 7:10 PM, FunkyRes wrote:> I've been working on a php class that
> implements CSP as an output
> > 1) if style-src does not contain the host the page is being served
> > from, do in-line style need to be blocked?
>
> I think that would be the righ
On Jun 12, 3:56 am, Gervase Markham <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > Analyzed, no... but I agree that the Request-Source checks should only
> > be made for non-safe methods.
> Yes; I think the current write-up is confusing on this point.
I've updated the proposal to make t
On Jun 7, 4:47 pm, Nils Maier <[EMAIL PROTECTED]> wrote:
> * a lot of reinvent the wheel code is in there, like getHostFromURL
> (instead of using nsIURI/nsIURL/nsIEffectiveTLDService).
>
> * A regex-based homebrown html parser. I wonder how good it is, how good
> it will get... Bad people are know
On Jun 5, 10:40 am, Gervase Markham <[EMAIL PROTECTED]> wrote:
> - Are we concerned about the bandwidth used by the additional headers,
> or are the days of worrying about a few bytes overhead per request long
> past?
I am not particularly concerned with the additional bandwidth, nor
have I heard