W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2012

RE: Proposed resolution of sandbox question

From: Jacob Rossi <Jacob.Rossi@microsoft.com>
Date: Tue, 5 Jun 2012 20:33:35 +0000
To: Tanvi Vyas <tanvi@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <D0BC8E77E79D9846B61A2432D1BA4EAE06452572@TK5EX14MBXC287.redmond.corp.microsoft.com>
On 6/1/12 12:31 PM, Tanvi Vyas wrote:
> On 5/31/12 10:00 PM, Adam Barth wrote:
>> On Thu, May 31, 2012 at 9:29 PM, Eric Rescorla<ekr@rtfm.com>  wrote:
>>> The chairs would like to propose the following resolution of the sandbox
>>> directive:
>>>
>>> - CSP 1.0 will include the sandbox directive.
>>> - The sandbox directive will be marked as an "optional" feature in CSP 1.0
>>>   so that an implementation can conform without implementing it
>>>   (i.e., it will be exempt from the requirements of S 2.)
>>>
>>> Is this something people can live with?
>> That's fine with me.
>>
>> Adam
>>
> Fine with me too.

This meets our goal of ensuring the feature remains stable for web developers to use. It somewhat fails our other goal of encouraging user agents to implement it for better interoperability.  However, we're OK with this compromise. 

Can we also agree that the sandbox directive becomes mandatory in CSP 1.1?

-Jacob
Received on Tuesday, 5 June 2012 20:34:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 June 2012 20:34:19 GMT