Hey folks!

This is important!! If you're at all interested in web security and feature detection, check this out and provide your feedback!
 
Following up on yesterday's discussion of +AngularJS's Content Security Policy implementation, it became clear that there's a need for programmatic detection of a site's currently active policy. Frameworks should be able to inspect the policy to determine whether they can, for instance, use `eval()`. Based on the result, they can fork their implementation and avoid flooding the console or report URI with errors.

I sat down with +Paul Irish of Modernizr fame, +Eric Bidelman, and +Pete LePage to hammer out an initial strawman for discussion. I've jotted down our conclusions at https://mikewest.org/2012/05/content-security-policy-feature-detection for discussion.

+Igor Minar, how does this look to you?
AngularJS has recently implemented support for Content Security Policy that restricts the use of `eval()`, `new Function()`, and other such text-to-JS conduits. This is a huge win, as CSP is one of th...