canmove, Confirmed users
1,537
edits
Talk:Security/CSP/Spec: Difference between revisions
→video and audio src
| Line 224: | Line 224: | ||
I ''am'' an idiot. Sorry about that! But, Why is there a separate img-src ? Why isn't it covered in media-src ? (too many *-src tags still worries me :) --duryodhan | I ''am'' an idiot. Sorry about that! But, Why is there a separate img-src ? Why isn't it covered in media-src ? (too many *-src tags still worries me :) --duryodhan | ||
Embedded audio and video are relatively new compared to images on web pages and when rendered on a page these media are displayed with controls. Images by contrast can be backgrounds, and touch a completely different part of the code. In fact, it's completely reasonable to think that a site that wants to use images will want to prohibit videos from showing up -- especially since video codecs are newer and more prone to security-sensitive crash bugs than image codecs. | |||
-[[User:Sidstamm|Sid]] | |||
==<strike> javascript: URIs by user</strike> == | ==<strike> javascript: URIs by user</strike> == | ||