From 332b8b8b187248524c0d2a655fd1334278cbf865 Mon Sep 17 00:00:00 2001
From: Noam Rosenthal
At the time of inserting the meta
element to the document, it is
+ possible that some resources have already been fetched. For example, images might be stored in
+ the list of available images prior to dynamically inserting a meta
+ element with an http-equiv
attribute in the Content security policy state.
+ Resources that have already been fetched are not guaranteed to be blocked by a Content
+ Security Policy that's enforced late.
A page might choose to mitigate the risk of cross-site scripting attacks by preventing the