On Jul 6, 10:36 am, Daniel Veditz wrote:
> There is no cross-browser support for signed javascript. With the
> current CSP the site will work perfectly well in browsers that don't
> support CSP. CSP is already asking site authors to do a lot of work, but
> since it works in all browsers sites can
After reading the specs, it is clear that the main aim is to prevent
executable code within HTML files. I do agree that CSP enables web
developers to create more secure websites. In my view there is one
problem:
How is CSP going to prevent lousy web developers to include all their
dynamic content