Skip to content
This repository has been archived by the owner on Jul 30, 2019. It is now read-only.

CSP: Inline element behavior processing. #185

Closed
mikewest opened this issue Apr 11, 2016 · 1 comment · Fixed by #387
Closed

CSP: Inline element behavior processing. #185

mikewest opened this issue Apr 11, 2016 · 1 comment · Fixed by #387
Assignees
@travisleithead
Milestone
HTML5.1 WD (June ...

Comments

@mikewest
Copy link
Member

It looks like the work that landed in WHATWG's HTML as whatwg/html#384 made it only partially into the current HTML 5.1 draft:

  1. Links to the "Should element's inline behavior be blocked by Content Security Policy?" algorithm are broken (they simply aren't linkified). See the occurrences right around https://w3c.github.io/html/webappapis.html#event-handler-content-event-handler-content-attribute and http://w3c.github.io/html/dom.html#the-style-attribute for example.
  2. The algorithm isn't called from "prepare a script" https://w3c.github.io/html/semantics-scripting.html#prepare-a-script (and the formatting in that section is strange).
  3. The algorithm isn't called from "update a style block" http://w3c.github.io/html/document-metadata.html#update-a-style-block.

Please take a look. :)
@travisleithead travisleithead self-assigned this Apr 12, 2016
@mikewest
Copy link
Member Author

Note that whatwg/html#1051 is in-flight, and adds an argument to this algorithm.

@chaals chaals added this to the HTML5.1 WD (June 2016) milestone May 10, 2016
@travisleithead travisleithead mentioned this issue May 16, 2016
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@travisleithead travisleithead

Labels
None yet
Projects
None yet
Milestone
HTML5.1 WD (June 2016)
Development

Successfully merging a pull request may close this issue.

[Large] Port dependent changes for CSP (and other good stuff) from WHATWG
3 participants
@mikewest @travisleithead @chaals