Re: Re: Provide hooks for Content Security Policy (CSP)?

2016-03-04 Thread Isiah Meadows
Comments inline

On Fri, Mar 4, 2016 at 11:08 PM, Domenic Denicola wrote:
> From: es-discuss [mailto:es-discuss-boun...@mozilla.org] On Behalf Of Ron Waldon
>
>> Are there CSP benefits for other JavaScript environments (e.g. Node.js)?
>
> Yes; it is something that could in

RE: Re: Provide hooks for Content Security Policy (CSP)?

2016-03-04 Thread Domenic Denicola
From: es-discuss [mailto:es-discuss-boun...@mozilla.org] On Behalf Of Ron Waldon

> Are there CSP benefits for other JavaScript environments (e.g. Node.js)?

Yes; it is something that could in theory be exposed through Node's vm module (i.e. Realm creation API), which would help certain

Re: Re: Provide hooks for Content Security Policy (CSP)?

2016-03-04 Thread Ron Waldon
Are there CSP benefits for other JavaScript environments (e.g. Node.js)? Would there be benefits in applying CSP at the module level? e.g. module A has been vetted and can do these things, whilst module B is less trusted and has strict limitations

RE: Provide hooks for Content Security Policy (CSP)?

2016-03-04 Thread Domenic Denicola
From: es-discuss [mailto:es-discuss-boun...@mozilla.org] On Behalf Of Andrea Giammarchi

> Can anyone explain with few words what does this change actual mean for JS ?

It means that JS will now specify how it has been implemented already in every browser, in a more rigorous way that allows the

Re: Provide hooks for Content Security Policy (CSP)?

2016-03-04 Thread Andrea Giammarchi
I'm not sure it's easy to understand what this is about, but if I read eval and Function as no-op under CSP I imagine the joy of Angular framework users since both version 1 and version 2 have various bits based on evaluation ( example:

Provide hooks for Content Security Policy (CSP)?

2016-03-03 Thread Mark S. Miller
At https://github.com/tc39/ecma262/issues/450 we have started discussing whether a discussion is warranted. Perhaps a discussion is not warranted, in which case a thread on es-discuss is not needed, as some claim. However, since we are now discussing this very question, the question of whether we