W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2011

RE: Where to define the sandbox directive (was Re: CfC: publish FPWD of Content Security Policy: Deadline Nov 22)

From: Jacob Rossi <Jacob.Rossi@microsoft.com>
Date: Tue, 15 Nov 2011 20:38:32 +0000
To: Adam Barth <w3c@adambarth.com>
CC: "Art.Barstow@nokia.com" <Art.Barstow@nokia.com>, "bhill@paypal-inc.com" <bhill@paypal-inc.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "bsterne@mozilla.com" <bsterne@mozilla.com>
Message-ID: <D0BC8E77E79D9846B61A2432D1BA4EAE0364FE2C@TK5EX14MBXC288.redmond.corp.microsoft.com>
Including an issue paragraph seems appropriate.

-----Original Message-----
From: Adam Barth [mailto:w3c@adambarth.com] 
Sent: Tuesday, November 15, 2011 12:37 PM
To: Jacob Rossi
Cc: Art.Barstow@nokia.com; bhill@paypal-inc.com; public-webappsec@w3.org; bsterne@mozilla.com
Subject: Where to define the sandbox directive (was Re: CfC: publish FPWD of Content Security Policy: Deadline Nov 22)

[Changing the subject as this relates to future changes to the document after FPWD.]

On Tue, Nov 15, 2011 at 12:27 PM, Jacob Rossi <Jacob.Rossi@microsoft.com> wrote:
> However, we'd like to see the sandbox directive spec'd somewhere (as 
> it used to be in the 1.0 draft).  Ideally, that'd be in the 1.0 
> publication. But if there's no consensus to do so, then I'd like to see it in a draft for 1.1.
> I think we know what we want to spec, it's just a matter of writing it up.
>
> Here's my suggestion.  Rather than spending time to spin up a 1.1 
> document, can we add sandbox back to the current 1.0 draft?  The 
> concerns for doing so at TPAC seemed to be around feasibility to 
> implement (I didn't hear much pushback on the feature itself).  
> Generally speaking, CR is the appropriate time to remove a feature if 
> it can't get implemented.  So I'd prefer we be optimistic and keep it 
> in for now and then see how things go as we progress along. If at CR 
> it is at-risk to block progress on the spec, we can consider moving it out to the 1.1 spec. Thoughts?

That seems fine.  We'll probably want to include an "issue" paragraph warning that the feature might get removed and with a link to the issue tracker.

Adam
Received on Tuesday, 15 November 2011 20:39:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 15 November 2011 20:39:05 GMT