On 8/10/09 5:00 AM, Gervase Markham wrote:
On 30/07/09 18:51, Daniel Veditz wrote:
* Move "inline" and "eval" keywords from "script-src" to a separate
directive, so that all the -src directives have the same syntax
I've argued that too and I think we agreed, although I don't see that
reflected in the spec or on the talk page.
Yes, we did agree this.
I tried to find in my notes and email archives how exactly we decided to
move the keywords out, and couldn't find anything specific. Anyway, I
added an "options" directive to the spec[0] that captures this change.
I also added a thread on the wiki discussion page[1].
Cheers,
Sid
[0]https://wiki.mozilla.org/Security/CSP/Spec#options
[1]https://wiki.mozilla.org/Talk:Security/CSP/Spec#Option_.28not_source.29_Keywords_.28OPEN.29
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
