[dojo-contributors] heya-ctr performance

James Burke jburke at dojotoolkit.org
Mon May 6 17:37:34 EDT 2013


On Mon, May 6, 2013 at 2:20 PM, Eugene Lazutkin <eugene at lazutkin.com> wrote:
> How big is CSP market, and do we really want to target it specifically?
> This is a separate non-technical question in the same vein as "do we
> support IE6, IE7, IE8" --- arguably the latter have more market than the
> CSP-based solutions in terms of available money, yet as far as I can
> tell most Dojo committers think that it should not be suported.

I think the difference between CSP and old IE is that CSP is likely to
get more usage than them over time, particularly since it allows web
sites the ability to avoid large blocks of security issues. It is a
future looking feature vs a legacy concern.

I will not post any more on this, as it is probably a side point to
the thread, just some links for more background:

caniuse:
http://caniuse.com/#feat=contentsecuritypolicy

GitHub's post about enabling it:
https://github.com/blog/1477-content-security-policy

Info docs:
https://developer.mozilla.org/en-US/docs/Security/CSP

James


More information about the dojo-contributors mailing list