W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2012

webappsec-ISSUE-40 (X-XSS-Protection): Look at incorporating X-XSS-Protection functionality into CSP 1.1

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Thu, 08 Nov 2012 20:28:03 +0000
Message-Id: <E1TWYhn-0005UF-6J@tibor.w3.org>
To: public-webappsec@w3.org
webappsec-ISSUE-40 (X-XSS-Protection): Look at incorporating X-XSS-Protection functionality into CSP 1.1

http://www.w3.org/2011/webappsec/track/issues/40

Raised by: Brad Hill
On product: 

Look at obsoleting X-XSS-Protection header by moving its features into a CSP 1.1 directive, perhaps under the name "reflected-xss-protection" (as CSP provides XSS protection through other mechanisms)
Received on Thursday, 8 November 2012 20:28:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 8 November 2012 20:28:04 GMT