W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2012

RE: Motion: Move CSP 1.0 to Last Call

From: Jacob Rossi <Jacob.Rossi@microsoft.com>
Date: Tue, 5 Jun 2012 23:29:33 +0000
To: Adam Barth <w3c@adambarth.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <D0BC8E77E79D9846B61A2432D1BA4EAE06453D52@TK5EX14MBXC287.redmond.corp.microsoft.com>
We had some discussion in today's teleconference about ensuring that the content we link to in the HTML5 spec for the sandbox directive. I feel confident having worked with Hixie and Adam that the HTML5 content is stable for this feature. Linking to the W3C version of HTML5 (as opposed to the WHATWG edition) would be our preference as it, like CSP, is a W3C recommendation-track specification. Currently CSP links to the WHATWG HTML spec.

Otherwise, we support publishing a LC draft.

> -----Original Message-----
> From: Adam Barth [mailto:w3c@adambarth.com]
> Sent: Tuesday, June 05, 2012 3:50 PM
> To: public-webappsec@w3.org
> Subject: Motion: Move CSP 1.0 to Last Call
> 
> As discussed on the teleconference today, I've edited the CSP 1.0 spec to
> make the sandbox directive optional:
> 
> http://dvcs.w3.org/hg/content-security-policy/rev/6e60ee08c97a
> 
> I've left sandbox as required in CSP 1.1.
> 
> As there don't appear to be any remaining open issues, I'd like to move to
> advance CSP 1.0 to Last Call.
> 
> http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-1.0-
> specification.html
> 
> Thanks,
> Adam
> 
Received on Tuesday, 5 June 2012 23:30:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 June 2012 23:30:07 GMT