Daniel Veditz wrote:
CSP is designed so that mistakes of omission tend to break the site break. This won't introduce subtle bugs, rudimentary content testing will quickly reveal problems.
But won't authors fail to understand how to solve the problem, and open everything wide ? From experience, that's what happens with technologies that are too complex.
A simpler syntax for simple case really would help, it's just that Ian is coming a bit late for this.
_______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security