One more thing that little bit worries me, that the most common request when it comes to CSP is banning inline scripts. If all the imports obey the CSP of the master, which I think the only way to go, that also probably means that in most cases we can only use imports those do not have any inline scripting either... I think this should be mentioned in the spec. Since if you develop some huge library let's say, based on imports, and then no costumer can use it who also want to have CSP, because it's full of inline scripts, that would be quite annoying.
- [HTML imports]: Imports and Content Security Policy Frederik Braun
- Re: [HTML imports]: Imports and Content Security Pol... Hajime Morrita
- Re: [HTML imports]: Imports and Content Security... Frederik Braun
- Re: [HTML imports]: Imports and Content Secu... Hajime Morrita
- Re: [HTML imports]: Imports and Content ... Nick Krempel
- Re: [HTML imports]: Imports and Con... Frederik Braun
- Re: [HTML imports]: Imports and... Nick Krempel
- Re: [HTML imports]: Imports and Content Security Pol... Gabor Krizsanits
- Re: [HTML imports]: Imports and Content Security... Scott Miles
- Re: [HTML imports]: Imports and Content Secu... Nick Krempel
- Re: [HTML imports]: Imports and Content ... Gabor Krizsanits
- Re: [HTML imports]: Imports and Con... Hajime Morrita
- Re: [HTML imports]: Imports and... Frederik Braun
- Re: [HTML imports]: Imports... Hajime Morrita
- Re: [HTML imports]: Imports... Frederik Braun
- Re: [HTML imports]: Imports... Hajime Morrita
- Re: [HTML imports]: Imports and Content Secu... Frederik Braun
