Re: Scope and complexity (was Re: More on XSS mitigation)

From: Brandon Sterne <bsterne@mozilla.com>
Date: Tue, 25 Jan 2011 14:05:20 -0800
Message-ID: <4D3F4920.6060606@mozilla.com>
To: Adam Barth <w3c@adambarth.com>
CC: Gervase Markham <gerv@mozilla.org>, Lucas Adamski <lucas@mozilla.com>, public-web-security@w3.org

On 01/25/2011 01:45 PM, Adam Barth wrote:
> Ideally, we could come up with a policy mechanism that let us nail XSS
> today and that fostered innovation in security for years to come.  In
> the short term, you could view the existing CSP features (e.g.,
> clickjacking protection) as the first wave of innovation.  If those
> pieces are popular, then it should be easy for other folks to adopt
> them.

Others have expressed interest in the existing CSP features within this
discussion.  If people find the features useful now, then why would we take
a wait-and-see approach to building them into the model?

Cheers,
Brandon
Received on Tuesday, 25 January 2011 22:07:12 GMT