Importing modules inside HTML imports

John Barton johnjbarton at google.com
Mon Aug 18 11:26:57 PDT 2014


Sounds promising, but the key use case cited by Brendan is ease-of-use so
it's important that all of this happens by default as far as Web devs are
concerned.


On Mon, Aug 18, 2014 at 11:23 AM, caridy <caridy at gmail.com> wrote:

> John, you can also use SPDY/HTTP2.0 PUSH to send sticky code alongside
> with the original HTML that will mimic the use of inline scripts but
> behaves like an external script. Essentially, you will have: `<script
> src="/my-sticky-data-and-initialization-per-page.js"></script>`, while that
> script is actually sent thru the SPDY multi-plex, which means no roundtrip
> is issued, no perf penalty, and it complies with CSP restrictions, the best
> of both worlds!
>
> /caridy
>
> On Aug 18, 2014, at 11:35 AM, John Barton <johnjbarton at google.com> wrote:
>
>
>
>
> On Mon, Aug 18, 2014 at 8:02 AM, Anne van Kesteren <annevk at annevk.nl>
> wrote:
>
>> On Mon, Aug 18, 2014 at 4:57 PM, John Barton <johnjbarton at google.com>
>> wrote:
>> > So you are claiming that CSP no longer restricts inline scripts and
>> that the
>> > various online docs are incorrect?  Or only that the server  set the
>> > "unsafe-inline" value to opt out of the restriction?
>>
>> Neither. See
>> https://w3c.github.io/webappsec/specs/content-security-policy/
>> for the new nonce-source and hash-source features. (Don't read TR/,
>> it's kind of equivalent to reading the previous version of ES, but
>> worse.)
>>
>
> Excellent thanks!  Hope those new features are adopted and servers
> routinely implement the hash-source feature.
>
> jjb
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20140818/5af7c200/attachment-0001.html>


More information about the es-discuss mailing list