[webkit-dev] script MIME restrictions for X-Content-Type-Options: nosniff
abarth at webkit.org
Thu Nov 10 10:02:59 PST 2011
IMHO, having an ENABLE flag is better because supporting nosniff
requires work both inside and outside of WebKit. It's better if folks
need to turn on the WebKit parts explicitly so they don't end up
half-implementing the feature.
On Thu, Nov 10, 2011 at 9:50 AM, Tom Sepez <tsepez at chromium.org> wrote:
> Hi webkit-dev,
> I'd like to implement restrictions on script execution in webkit along the
> lines of what has already happened here:
> http://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx and to that
> end I've filed https://bugs.webkit.org/show_bug.cgi?id=71851.
> A question has come up as to whether this needs to/should be behind an
> ENABLE_NOSNIFF flag, so I'm reaching out to this larger list to solicit
> feedback. Thanks.
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
More information about the webkit-dev