mkwst at chromium.org
Mon Mar 18 01:04:01 PDT 2013
On Mon, Mar 18, 2013 at 7:38 AM, Adam Barth <abarth at webkit.org> wrote:
> > What is the CSP-expected behavior if a user-supplied script inserts an
> <script> element in order to do its work?
> There's a SHOULD-level requirement that the user script act as normal.
> That requirement is somewhat aspirational in the sense that no user
> agent implements it perfectly. We've made some improvements in that
> resource loads initiated by content scripts correctly bypass the
> page's CSP policy, but we have more work to do in order to make inline
> the page's CSP policy.
On this note, I'd love some help with
https://bugs.webkit.org/show_bug.cgi?id=100815. I've had it on my list for
quite some time, and simply haven't prioritized it correctly. If someone
with more familiarity with JSC wanted to take it up or provide
implementation pointers, that'd be brilliant.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the webkit-dev