Hi
On Thu, 02 Jul 2009 16:42:47 +0200, Herman van Rink rink@initfour.nl wrote:
Since we use quite a number of onclick="" attributes it would take considerable effort to implement this.
I totally agree.
I do not expect this to be implemented in all browsers anytime soon, since it currently is an FF-only feature, and thus we still have to be very careful with properly sanitising all output.
Yes, but as CSP also allows notification if something is doing nasty things, it will help us protect other users, because we will be notified about possible problems from FF 3.5 users.
Therefore I see this as a possible long-term goal, and something to think about when writing new code.
It makes sense to define it this way.