From 8b3a4abd4aadac55ddd31c37568c963dd70f5e17 Mon Sep 17 00:00:00 2001
From: Noam Rosenthal
At the time of inserting the meta
element to the document, it is
+ possible that some resources have already been fetched. For example, images might be stored in
+ the list of available images prior to dynamically inserting a meta
+ element with a Content security
+ policy state. Resources that have already been fetched are not guaranteed to be
+ protected by a Content Security Policy that's
+ enforced late.
A page might choose to mitigate the risk of cross-site scripting attacks by preventing the