
Where to define the sandbox directive (was Re: CfC: publish FPWD of Content Security Policy: Deadline Nov 22)

From: Adam Barth <w3c@adambarth.com>
Date: Tue, 15 Nov 2011 12:37:09 -0800
Message-ID: <CAJE5ia8MoemmU6+Lecn1EnTVi-NvbgqGwMFudh=STRHePGgHUg@mail.gmail.com>
To: Jacob Rossi <Jacob.Rossi@microsoft.com>
Cc: "Art.Barstow@nokia.com" <Art.Barstow@nokia.com>, "bhill@paypal-inc.com" <bhill@paypal-inc.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "bsterne@mozilla.com" <bsterne@mozilla.com>
[Changing the subject as this relates to future changes to the
document after FPWD.]

On Tue, Nov 15, 2011 at 12:27 PM, Jacob Rossi <Jacob.Rossi@microsoft.com> wrote:
> However, we'd like to see the sandbox directive spec'd somewhere (as it used
> to be in the 1.0 draft). Ideally, that'd be in the 1.0 publication. But if
> there's no consensus to do so, then I'd like to see it in a draft for 1.1.
> I think we know what we want to spec, it's just a matter of writing it up.
>
> Here's my suggestion. Rather than spending time to spin up a 1.1 document,
> can we add sandbox back to the current 1.0 draft? The concerns for doing so
> at TPAC seemed to be around feasibility to implement (I didn't hear much
> pushback on the feature itself). Generally speaking, CR is the appropriate
> time to remove a feature if it can't get implemented. So I'd prefer we be
> optimistic and keep it in for now and then see how things go as we progress
> along. If at CR it is at-risk to block progress on the spec, we can consider
> moving it out to the 1.1 spec. Thoughts?

That seems fine.  We'll probably want to include an "issue" paragraph
warning that the feature might get removed and with a link to the
issue tracker.

Adam
Received on Tuesday, 15 November 2011 20:38:11 GMT
