ACTION-127: Add one-way mutability to policy points exposed in script interface
Add one-way mutability to policy points exposed in script interface
- State:
- closed
- Person:
- Mike West
- Due on:
- November 5, 2013
- Created on:
- April 25, 2013
- Related emails:
- No related emails
Related notes:
be able to turn off (but not on) eval, inline script, inline css
Do we want to allow more than just eval and inline directives? e.g. load a library from here during boot, then disallow? or is this covered well enough by greater granularity in source expressions?
Should start with first 3.
I'm dropping the script interface entirely until we have time and energy to do it right. See Alex Russell's[1] and Yehuda Katz's[2] feedback for the sorts of things we'll need to think about.
[1]: http://infrequently.org/2013/05/use-case-zero/
[2]: http://yehudakatz.com/2013/05/24/an-extensible-approach-to-browser-security-policy/
Display change log.