The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 |
Newsgroups: mozilla.dev.security
From: Brandon Sterne <bste...@mozilla.com>
Date: Sun, 5 Apr 2009 10:38:14 -0700 (PDT)
Local: Sun, Apr 5 2009 1:38 pm
Subject: Re: Content Security Policy - final call for comments
On Apr 4, 10:39 am, Florian Weimer <f...@deneb.enyo.de> wrote:
> The policy does not say explicitly what happens to javascript: http://people.mozilla.org/~bsterne/content-security-policy/details.ht... > hyperlinks and the on* event handlers. > You shouldn't use an X- header because it's going to stick around and I think an X-header makes sense for CSP at this point, since it is not > preventing standardization (see X-Complaints-To on Usenet). yet standardized. A standards group like W3C's public-webapps is probably the right venue for that conversation to take place. You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||