Importing modules inside HTML imports

Anne van Kesteren annevk at
Mon Aug 18 08:02:40 PDT 2014

On Mon, Aug 18, 2014 at 4:57 PM, John Barton <johnjbarton at> wrote:
> So you are claiming that CSP no longer restricts inline scripts and that the
> various online docs are incorrect?  Or only that the server  set the
> "unsafe-inline" value to opt out of the restriction?

Neither. See
for the new nonce-source and hash-source features. (Don't read TR/,
it's kind of equivalent to reading the previous version of ES, but


More information about the es-discuss mailing list