
Re: Scope and complexity (was Re: More on XSS mitigation)

From: Brandon Sterne <bsterne@mozilla.com>
Date: Tue, 25 Jan 2011 11:55:24 -0800
Message-ID: <4D3F2AAC.4060909@mozilla.com>
To: Adam Barth <w3c@adambarth.com>
CC: Gervase Markham <gerv@mozilla.org>, Lucas Adamski <lucas@mozilla.com>, public-web-security@w3.org

On 01/25/2011 10:42 AM, Adam Barth wrote:
> On Tue, Jan 25, 2011 at 8:48 AM, Steingruebl, Andy wrote:
>> CSP isn't only useful for stopping XSS either. It can be a policy enforcement for where scripts can come from. Just like it can control framing, which isn't really about XSS either. I think it would be a lot less useful if it didn't include those capabilities/functions, as those are some of my major initial use cases.
> 
> IMHO, in the first iteration we should nail XSS and set up an
> extensible policy framework that we can extend to address other
> threats in the future.
> 
> Adam
> 
Received on Tuesday, 25 January 2011 19:57:44 GMT
