Commit

Add note about late CSP
noamr committed Mar 8, 2022
1 parent deef8ba commit 8b3a4ab
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions source
Expand Up @@ -15404,6 +15404,14 @@ people expect to have work and what is necessary.
data-x="attr-meta-content">content</code> attribute will be <span
data-x="enforce the policy">enforced</span> upon the current document. <ref spec=CSP></p>

<p class="note">At the time of inserting the <code>meta</code> element to the document, it is
possible that some resources have already been fetched. For example, images might be stored in
the <span>list of available images</span> prior to dynamically inserting a <code>meta</code>
element with a <span data-x="attr-meta-http-equiv-content-security-policy">Content security
policy state</span>. Resources that have already been fetched are not guaranteed to be
protected by a <span>Content Security Policy</span> that's
<span data-x="enforce the policy">enforced</span> late.</p>

<div class="example">

<p>A page might choose to mitigate the risk of cross-site scripting attacks by preventing the
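
Review bot: In the last sentence of the added note, "Resources that have already been fetched are not guaranteed to be protected by a Content Security Policy" reads as if the policy protects the resources, when the point of the note is that fetches completed before the meta element was inserted are not guaranteed to have been checked against the policy; wording such as "are not guaranteed to be blocked by" would say that directly. In the first sentence, "inserting the meta element to the document" should read "into the document". The bare `<span>Content Security Policy</span>` depends on a definition with exactly that text existing; it is worth confirming that it resolves, since the context line just above cites the CSP specification through `<ref spec=CSP>` rather than a local term.
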
