W3C home > Mailing lists > Public > public-web-security@w3.org > January 2011

Re: More on XSS mitigation (was Re: XSS mitigation in browsers)

From: Gervase Markham <gerv@mozilla.org>
Date: Mon, 24 Jan 2011 18:29:31 +0000
Message-ID: <4D3DC50B.30905@mozilla.org>
To: Devdatta Akhawe <dev.akhawe@gmail.com>
CC: John Wilander <john.wilander@owasp.org>, Michal Zalewski <lcamtuf@coredump.cx>, gaz Heyes <gazheyes@gmail.com>, Adam Barth <w3c@adambarth.com>, public-web-security@w3.org
On 24/01/11 05:47, Devdatta Akhawe wrote:
> I would also add developing policies for common applications like
> Drupal, WordPress, MediaWiki etc. We tried to develop a CSP policy for
> BugZilla and it seemed too much work to do it without enabling
> inline-scripts.

Did you communicate with the Bugzilla development team while doing this? 
I didn't see anything cross the mailing list... Getting Bugzilla in a 
state where it can have a CSP policy would be a great thing. Why not 
file a bug about it?

Gerv
Received on Monday, 24 January 2011 20:32:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 24 January 2011 20:32:25 GMT