Hi Tom, We don't appear to have a standards-position entry for this, which would be a prerequisite for experimenting and shipping. Could you file an issue to get that process started? Thanks.
On Wed, Jul 13, 2022 at 4:31 AM Tom Schuster <[email protected]> wrote: > CSP 3 adds two new directives that supersede the script-src directive. > These must be honored if present, with a fallback to script-src only > if they are not present. > The attributes allow finer control for allowing scripts only in script > blocks or script attributes (event handlers). > > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1529337 > Standard: https://w3c.github.io/webappsec-csp/#csp-directives > Platform Coverage: all > Tests: Various web-platform-tests > Other Browsers: > - Chrome: Implemented in 79 > - Safari: MDN claims this in Tech Preview > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CA%2BCWiYia0zafa_6-65o2%2BQruiuTeB26qNntS%2B0D_asoyo5vrCw%40mail.gmail.com > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CADa3RMMXiVge5jcJ4mWyp0XATRPbdmpeBP2F6vQ-0O6Kir-Tyw%40mail.gmail.com.
