See inline.
On Thu, Oct 22, 2009 at 2:22 PM, Brandon Sterne bste...@mozilla.com wrote:
I'd like to take a quick step back before we proceed further with the
modularization discussion. I think it is fine to split CSP into modules,
but with the following caveats:
1. Splitting the modules
On 10/22/09 3:58 PM, Lucas Adamski wrote:
CSS is content importing.. oh but IE allows CSS expressions so its a
XSS vector too.
IE8 has killed expressions off, our CSP spec says -moz-binding has to
come from chrome: or resource: (that is, be built in).