Hi Sid,
actually, while I read the spec recommendation, one thing immediately came
up my mind: Why only add protection to HTML content?
To my understanding a UA could implement CSP processing not only to file
type handlers like text/html, but *any* file type handler should process
CSP
Hi Axel,
I agree that we should consider what CSP can do to protect other types
of content. We mainly stuck with HTML at first since it's the most
common document format on the Web.
This is the perfect place to start a discussion about how to apply CSP
to other types of content. What are your