http://blogs.msdn.com/b/ieinternals/archive/2009/06/25/9804105.aspxMy thoughts about Mozilla's Content Security Policy proposal were just published over on the IEBlog. I actually have quite a bit more to say (at even greater length :-) about declarative security mechanisms, and some more technical feedback specific toen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.msdn.com/b/ieinternals/archive/2009/06/25/9804105.aspx#9836200Fri, 17 Jul 2009 01:40:14 GMT91d46819-8472-40ad-a661-2c78acb4018c:9836200EricLaw [ex-MSFT]<p>Ian Hickson, editor of HTML5, weighed in with his feedback here: <a rel="nofollow" target="_new" href="http://groups.google.com/group/mozilla.dev.security/browse_thread/thread/87ebe5cb9735d8ca#">http://groups.google.com/group/mozilla.dev.security/browse_thread/thread/87ebe5cb9735d8ca#</a></p> <p>His conclusion? &nbsp;&quot;I think CSP is orders of magnitude too complicated to be a successful security mechanism on the Web. &quot;</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=9836200" width="1" height="1">http://blogs.msdn.com/b/ieinternals/archive/2009/06/25/9804105.aspx#9818355Mon, 06 Jul 2009 03:33:25 GMT91d46819-8472-40ad-a661-2c78acb4018c:9818355EricLaw [ex-MSFT]<p>The Mozilla folks requested that I post my detailed feedback publicly. &nbsp;If you're interested in the gory details, you can find them here:</p> <p><a rel="nofollow" target="_new" href="http://groups.google.com/group/mozilla.dev.security/browse_thread/thread/571f1495e6ccf822#">http://groups.google.com/group/mozilla.dev.security/browse_thread/thread/571f1495e6ccf822#</a></p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=9818355" width="1" height="1">