https://dvcs.w3.org/hg/content-security-policy/rev/5a29424a37d4 had the following effects: * Renamed 'document.SecurityPolicy' to 'document.securityPolicy' * Converted the following to read-only boolean attributes: * 'allowsEval' * 'allowsInlineScript' * 'allowsInlineStyle' * 'isActive'
Created attachment 172526 [details] Patch
Comment on attachment 172526 [details] Patch We should double-check that this is turned off in M24.
Comment on attachment 172526 [details] Patch (In reply to comment #2) > (From update of attachment 172526 [details]) > We should double-check that this is turned off in M24. http://trac.webkit.org/changeset/133008 :) Longer term, should we prefix this interface, or just keep turning it off until it's somewhat stable in the spec?
> Longer term, should we prefix this interface, or just keep turning it off until it's somewhat stable in the spec? We should make it run-time enabled and put it behind --enable-experimental-webkit-features. That's the compromise we reached with the release engineers.
Comment on attachment 172526 [details] Patch Clearing flags on attachment: 172526 Committed r133620: <http://trac.webkit.org/changeset/133620>
All reviewed patches have been landed. Closing bug.