Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
CSP 1.1: Add non-normative language for extensions.
After discussion outside the WG, on the list[1] and on the 2014-02-16 call[2], the WG decided to revisit the change in [3]. The language in this patch seems like a compromise that everyone can accept. [1]: http://lists.w3.org/Archives/Public/public-webappsec/2014Feb/0098.html [2]: http://www.w3.org/2014/02/26-webappsec-minutes.html [3]: cbfaa8e
- Loading branch information
Showing
with
4 additions
and 0 deletions.
@@ -913,6 +913,10 @@ <h3>Processing Model</h3> | ||
usurp the resource's privileges that have been restricted in this | ||
way.</p> | ||
|
||
<p>Note that user agents may allow users to modify or bypass policy | ||
This comment has been minimized.
This comment has been minimized.
metromoxie
Contributor
|
||
enforcement through user preferences, bookmarklets, third-party | ||
additions to the user agent, and other such mechanisms.</p> | ||
|
||
<p>To <dfn id="monitor">monitor</dfn> a policy, the user agent MUST | ||
<a href="#parse-a-policy">parse the policy</a> and monitor each of | ||
the directives contained in the policy.</p> | ||
Why may and not should?