ACTION-127: Add one-way mutability to policy points exposed in script interface

Add one-way mutability to policy points exposed in script interface

State:
closed
Person:
Mike West
Due on:
November 5, 2013
Created on:
April 25, 2013
Related emails:
No related emails

Related notes:

be able to turn off (but not on) eval, inline script, inline css

Brad Hill, 25 Apr 2013, 18:29:29

Do we want to allow more than just eval and inline directives? e.g. load a library from here during boot, then disallow? or is this covered well enough by greater granularity in source expressions?

Should start with first 3.

Brad Hill, 25 Apr 2013, 18:35:26

I'm dropping the script interface entirely until we have time and energy to do it right. See Alex Russell's[1] and Yehuda Katz's[2] feedback for the sorts of things we'll need to think about.

[1]: http://infrequently.org/2013/05/use-case-zero/
[2]: http://yehudakatz.com/2013/05/24/an-extensible-approach-to-browser-security-policy/

Mike West, 27 Dec 2013, 08:55:19

Display change log.

Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 127.html,v 1.1 2020/01/17 08:51:17 carcone Exp $