Hi!
XSLT stylesheets are currently subject to the script-src-elem directive. While this is a reasonable default, it may also be desirable to have a directive for XSLT specifically. There are websites which may want to allow XSL Transformations, but not JavaScript.
Would it be reasonable to add an xslt-src directive, which defaults to the value of script-src-elem? This would allow disabling scripting and script-like destinations, with the possibility of adding an exception for XSLT.
Bye :)
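The fallback described in this request, modelled as an added example that is not part of the original issue or of any browser's code: it compares today's handling of an XSLT load with the proposed behaviour. `xslt-src` is the proposed directive and does not exist in CSP; the header, origins and function names are constructed for illustration, and source matching is reduced to `'none'`, `'self'`, `*` and exact origins.

```javascript
// Parse a CSP header value into Map(directive -> source list).
// As in CSP, only the first occurrence of a directive counts.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// Pick the directive that governs a request. Script and XSLT loads share the
// script-src-elem -> script-src -> default-src chain today. With
// `proposed` set, XSLT first looks for the PROPOSED xslt-src directive.
function effectiveDirective(policy, destination, proposed) {
  const chain = ['script-src-elem', 'script-src', 'default-src'];
  if (proposed && destination === 'xslt') chain.unshift('xslt-src');
  return chain.find((d) => policy.has(d)) ?? null;
}

// Simplified source matching (no nonces, hashes, schemes or wildcard hosts).
function allows(header, destination, url, pageOrigin, proposed = false) {
  const policy = parsePolicy(header);
  const name = effectiveDirective(policy, destination, proposed);
  if (name === null) return true; // no governing directive: not restricted
  const origin = new URL(url).origin;
  return policy.get(name).some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return origin === pageOrigin;
    return src === '*' || src === origin;
  });
}

// Constructed policy: scripts disabled, XSLT allowed from the page's origin.
const HEADER = "default-src 'self'; script-src-elem 'none'; xslt-src 'self'";
const PAGE = 'https://example.test';
const XSL = 'https://example.test/feed.xsl';

console.log('today    xslt  :', allows(HEADER, 'xslt', XSL, PAGE));
console.log('proposed xslt  :', allows(HEADER, 'xslt', XSL, PAGE, true));
console.log('proposed script:', allows(HEADER, 'script', PAGE + '/app.js', PAGE, true));
```
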