22256 2013-06-04 02:20:45 +0000 Add a note regarding first line of defense. 2013-07-02 20:57:33 +0000 1 1 1 Unclassified WebAppsSec CSP unspecified All All CLOSED FIXED P2 normal --- 1 glenn w3c mike public-webappsec dave.null oldest_to_newest 88602 0 glenn 2013-06-04 02:20:45 +0000 The introduction contains the following: "Content Security Policy (CSP) is not intended as a first line of defense against content injection vulnerabilities." For those readers not familiar with the details of secure programming, it would be useful to add a Note referring to some work(s) that address the "first line[s] of defense". 90136 1 w3c 2013-07-02 20:44:38 +0000 https://dvcs.w3.org/hg/content-security-policy/rev/70fe107c0569 90138 2 glenn 2013-07-02 20:57:33 +0000 Thanks.