W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2012

Re: [webappsec] Call for Consensus: CSP 1.1 to FPWD

From: Adam Barth <w3c@adambarth.com>
Date: Tue, 27 Nov 2012 15:59:34 -0800
Message-ID: <CAJE5ia9yOhntwFD6UA-334W+cTDh7UdqjTU+Cie+QjkChs8-pQ@mail.gmail.com>
To: "Hill, Brad" <bhill@paypal-inc.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Second.

On Tue, Nov 27, 2012 at 2:01 PM, Hill, Brad <bhill@paypal-inc.com> wrote:
> This is a Call for Consensus among the WebAppSec WG to accept the following
> draft of CSP 1.1 as a First Public Working draft:
>
> https://dvcs.w3.org/hg/content-security-policy/raw-file/48bed86c418d/csp-specification.dev.html
>
> CSP 1.1 extends CSP 1.0 and defines several new elements of policy
> mechanism:
>
> * an HTML <meta> Element
> * Script Interfaces
> * Directory path Source Expressions
> * Media Type lists
>
> As well as a number of new directives:
>
> * form-action
> * script-nonce
> * plugin-types
> * reflected-xss
>
> Please send comments to public-webappsec@w3.org , positive feedback is
> encouraged.
>
> This CfC will end on December 4, 2012.
>
> Thank you,
>
> Brad Hill
>
>
Received on Wednesday, 28 November 2012 00:00:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 28 November 2012 00:00:35 GMT