On Fri, Nov 15, 2013 at 10:25 AM, matmarquis.com <[email protected]> wrote: > On Nov 15, at 12:27 PM, Yoav Weiss wrote: >>>> Any thoughts on my concerns with making inline CSS mandatory (especially >>>> from the CSP angle)? >>> >>> CSP 1.1 supports securing inline style and script with nonces and/or >>> hashes. >> >> OK, since the latest proposals keep the URLs outside the style, modifying >> the content image can keep the same style, assuming layout is identical. So >> these inline-style are not more likely to change than any other >> inline-styles and the authoring complexity is identical to other inline >> styles. >> >> Still - I'm not sure such a solution is author friendly. > > I’m just not sure what this proposal claims to handle or support that `src-n` > doesn’t, apart from handling it with a slightly different syntax that’s > subjectively preferred by a few people? Seems like it depends on a number of > fairly large assumptions, but doesn’t really bring anything new to the table.
The primary benefit of this proposal over src-N is that implementors are willing to implement it (or at least haven't refused to implement it yet). Adam
