Skip to content
This repository has been archived by the owner on Jul 30, 2019. It is now read-only.
This repository has been archived by the owner on Jul 30, 2019. It is now read-only.

Make sure nonces don't leak #1109

Closed
chaals opened this issue Dec 14, 2017 · 1 comment
Closed

Make sure nonces don't leak #1109

chaals opened this issue Dec 14, 2017 · 1 comment
Assignees
@chaals @siusin
Labels
security substantive
Milestone
HTML5.3 WD1

Comments

@chaals
Copy link
Collaborator

chaals commented Dec 14, 2017

The nonce attribute adopted to support CSP is vulnerable to attacks through e.g. CSS, so access to it should be restricted

Based on W3C-tests implementation is proceeding rather than done.
@chaals chaals added this to the HTML5.3 WD1 milestone Dec 14, 2017
@chaals chaals self-assigned this Dec 14, 2017
@chaals chaals mentioned this issue Dec 20, 2017
Closed
@chaals
Copy link
Collaborator Author

chaals commented Jan 30, 2018

closed in #1140

@chaals chaals closed this as completed Jan 30, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@chaals chaals

@siusin siusin

Labels
security substantive
Projects
None yet
Milestone
HTML5.3 WD1
Development

No branches or pull requests
2 participants
@chaals @siusin