Importing modules inside HTML imports

Anne van Kesteren annevk at annevk.nl
Mon Aug 18 08:02:40 PDT 2014


On Mon, Aug 18, 2014 at 4:57 PM, John Barton <johnjbarton at google.com> wrote:
> So you are claiming that CSP no longer restricts inline scripts and that the
> various online docs are incorrect?  Or only that the server  set the
> "unsafe-inline" value to opt out of the restriction?

Neither. See https://w3c.github.io/webappsec/specs/content-security-policy/
for the new nonce-source and hash-source features. (Don't read TR/,
it's kind of equivalent to reading the previous version of ES, but
worse.)


-- 
http://annevankesteren.nl/


More information about the es-discuss mailing list