Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
CSP 1.1: Add non-normative language for extensions.
After discussion outside the WG, on the list[1] and on the 2014-02-16 call[2], the WG decided to revisit the change in [3]. The language in this patch seems like a compromise that everyone can accept. [1]: http://lists.w3.org/Archives/Public/public-webappsec/2014Feb/0098.html [2]: http://www.w3.org/2014/02/26-webappsec-minutes.html [3]: cbfaa8e
- Loading branch information
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -913,6 +913,10 @@ <h3>Processing Model</h3> | |
| usurp the resource's privileges that have been restricted in this | ||
| way.</p> | ||
|
|
||
| <p>Note that user agents may allow users to modify or bypass policy | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong. 
metromoxie
Contributor
|
||
| enforcement through user preferences, bookmarklets, third-party | ||
| additions to the user agent, and other such mechanisms.</p> | ||
|
|
||
| <p>To <dfn id="monitor">monitor</dfn> a policy, the user agent MUST | ||
| <a href="#parse-a-policy">parse the policy</a> and monitor each of | ||
| the directives contained in the policy.</p> | ||
|
|
||
Why may and not should?