Re: Content Security Policy discussion

2009-07-06 Thread pceelen
On Jul 6, 10:36 am, Daniel Veditz wrote:
> There is no cross-browser support for signed javascript. With the
> current CSP the site will work perfectly well in browsers that don't
> support CSP. CSP is already asking site authors to do a lot of work, but
> since it works in all browsers sites can

Re: Content Security Policy discussion

2009-06-30 Thread pceelen
After reading the specs, it is clear that the main aim is to prevent executable code within HTML files. I do agree that CSP enables web developers to create more secure websites. In my view there is one problem: How is CSP going to prevent lousy web developers from including all their dynamic content