- From: Glenn Adams <glenn@skynav.com>
- Date: Mon, 24 Feb 2014 16:05:54 -0700
- To: Mike Pomax Kamermans <pomax@nihongoresources.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Monday, 24 February 2014 23:06:42 UTC
On Mon, Feb 24, 2014 at 10:23 AM, Mike "Pomax" Kamermans < pomax@nihongoresources.com> wrote: > On 2/24/2014 5:31 AM, Mike West wrote: > >> With this in mind, I'm inclined to add a non-normative note to the spec >> along the lines of "Note that user agents are encouraged to allow >> third-party add-ons and JavaScript bookmarklets to bypass policy >> enforcement, either implicitly or based on the user's preference." >> > > It might be worth changing it slightly to be solution-agnostic, so there's > no problem when we invent a third/fourth/etc technology that adds > functionality to a browser in addition to bookmarklets and addons, but I'd > be quite happy to just see this phrase back in the spec =) > > If we had to rephrase, I'd suggest something like "User agents are > encouraged to allow users to modify or bypass CSP enforcement, through user > preferences and/or third-party additions to the user-agent" so that we're > not tied to specifically bookmarklets and extensions. I could accept this if "encouraged" were changed to "permitted". > > > - Mike "Pomax" Kamermans > > >
Received on Monday, 24 February 2014 23:06:42 UTC