[Phpmyadmin-devel] Content Security Policy

Michal Čihař michal at cihar.com
Fri Jul 3 10:11:40 CEST 2009


Hi

On Thu, 02 Jul 2009 16:42:47 +0200
Herman van Rink <rink at initfour.nl> wrote:

> Since we use quite a number of onclick="" attributes it would take
> considerable effort to implement this.

I totally agree.

> I do not expect this to be implemented in all browsers anytime soon,
> since it currently is an FF-only feature, and thus we still have to be
> very careful with properly sanitising all output.

Yes, but as CSP also allows notification if something is doing nasty
things, it will help us protect other users, because we will be
notified about possible problems from FF 3.5 users.

> Therefore I see this as a possible long term goal, and something to
> think about when writing new code.

It makes sense to define it this way.

-- 
	Michal Čihař | http://cihar.com | http://phpmyadmin.cz
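
Added example, not part of the original message or of phpMyAdmin's code: a minimal triage of the CSP violation reports the reply above expects to receive, separating inline-script violations (which the application's own onclick="" attributes would also trigger) from scripts loaded from another origin. It assumes the `csp-report` JSON format of the later W3C specification; the origin, paths and report bodies are constructed.

```javascript
// Triage of CSP violation reports (added example; all sample data is constructed).
// Assumption: bodies use the W3C "csp-report" JSON shape, not the 2009 draft.
const APP_ORIGIN = "https://pma.example"; // hypothetical origin of the application

// Constructed sample bodies, shaped like POSTs to a CSP report endpoint.
const SAMPLE_BODIES = [
  { "document-uri": APP_ORIGIN + "/sql.php?db=test", "violated-directive": "script-src 'self'", "blocked-uri": "inline" },
  { "document-uri": APP_ORIGIN + "/sql.php", "violated-directive": "script-src 'self'", "blocked-uri": "inline" },
  { "document-uri": APP_ORIGIN + "/index.php", "violated-directive": "script-src 'self'", "blocked-uri": "inline" },
  { "document-uri": APP_ORIGIN + "/tbl_structure.php", "violated-directive": "script-src 'self'", "blocked-uri": "https://third-party.invalid/x.js" },
  { "document-uri": APP_ORIGIN + "/index.php", "violated-directive": "img-src 'self'", "blocked-uri": "https://third-party.invalid/a.png" },
].map((r) => JSON.stringify({ "csp-report": r })).concat(["not json"]);

function originOf(uri) {
  try { return new URL(uri).origin; } catch { return null; }
}
function pathOf(uri) {
  // Keep only the path so query strings do not end up in the summary.
  try { return new URL(uri).pathname; } catch { return "unknown"; }
}

function classifyReport(body) {
  let report;
  try { report = JSON.parse(body)["csp-report"]; } catch { return { kind: "malformed" }; }
  if (!report || typeof report !== "object") return { kind: "malformed" };
  const page = pathOf(report["document-uri"]);
  const directive = String(report["effective-directive"] || report["violated-directive"] || "").split(" ")[0];
  const blocked = String(report["blocked-uri"] || "");
  if (!directive.startsWith("script-src")) return { kind: "other", page };
  // Inline violations: own onclick="" backlog or injected markup; review per page.
  if (blocked === "" || blocked === "inline") return { kind: "inline", page };
  const origin = originOf(blocked);
  // A script fetched from another origin is the report to look at first.
  if (origin && origin !== APP_ORIGIN) return { kind: "foreign-script", page, blocked: origin };
  return { kind: "other", page };
}

function triage(bodies) {
  const out = { inlineByPage: {}, foreignScripts: [], other: 0, malformed: 0 };
  for (const body of bodies) {
    const c = classifyReport(body);
    if (c.kind === "inline") out.inlineByPage[c.page] = (out.inlineByPage[c.page] || 0) + 1;
    else if (c.kind === "foreign-script") out.foreignScripts.push(c);
    else out[c.kind] += 1;
  }
  return out;
}
```

The per-page inline counts double as a work list for moving onclick="" handlers into script files, while the foreign-script entries are the reports that warrant immediate review.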