public-webappsec@w3.org from September 2012 by subject

[CSP] Extensions and user script? (Some feedback)

• Mike West (Tuesday, 25 September)
• Odin Hørthe Omdal (Tuesday, 25 September)

[webappsec] "certificates differ" text in CORS

• Hill, Brad (Friday, 14 September)

[webappsec] Agenda for today's WebAppSec WG call

• Hill, Brad (Tuesday, 11 September)

[webappsec] Call for Consensus: Content Security Policy 1.0 to Candidate Recommendation

• Tanvi Vyas (Friday, 7 September)
• Hill, Brad (Tuesday, 4 September)

[webappsec] Major update to UI Safety

• Jacob Rossi (Tuesday, 11 September)
• Hill, Brad (Tuesday, 11 September)
• Hill, Brad (Tuesday, 11 September)

Agenda for September 25 Call

• Hill, Brad (Tuesday, 25 September)
• Eric Rescorla (Tuesday, 25 September)

Call for Consensus: Content Security Policy 1.0 to Candidate Recommendation

• Adam Barth (Thursday, 6 September)

CfC: FPWD of UI Safety Directives for CSP

• Hill, Brad (Tuesday, 25 September)

CORS test status

• Boris Zbarsky (Saturday, 29 September)
• Odin Hørthe Omdal (Tuesday, 25 September)
• Boris Zbarsky (Tuesday, 25 September)
• Toni Ruottu (Tuesday, 25 September)
• Boris Zbarsky (Tuesday, 25 September)
• Toni Ruottu (Tuesday, 25 September)
• Boris Zbarsky (Tuesday, 25 September)
• gopal.raghavan@nokia.com (Tuesday, 25 September)

CSP 1.0 browser compliance testing

• Mike West (Friday, 14 September)
• Erlend Oftedal (Thursday, 13 September)
• Odin Hørthe Omdal (Monday, 10 September)
• Erlend Oftedal (Friday, 7 September)

CSP 1.0: relaxing mandated enforcing and monitoring to avoid

• Hill, Brad (Monday, 17 September)
• Fred Andrews (Sunday, 16 September)
• Hill, Brad (Friday, 14 September)
• Erlend Oftedal (Friday, 14 September)
• Fred Andrews (Friday, 14 September)
• Erlend Oftedal (Friday, 14 September)

CSP 1.0: relaxing mandated enforcing and monitoring to avoid probing and to avoid content being written to depend on CSP.

• Mike West (Monday, 17 September)
• Fred Andrews (Sunday, 16 September)
• Mike West (Friday, 14 September)
• Fred Andrews (Friday, 14 September)
• Adam Barth (Thursday, 13 September)
• Fred Andrews (Thursday, 13 September)

CSP 1.1: Paths in source list definitions.

• Tanvi Vyas (Tuesday, 25 September)
• Mike West (Tuesday, 25 September)
• Odin Hørthe Omdal (Tuesday, 25 September)
• Mike West (Sunday, 23 September)
• Mike West (Monday, 3 September)

CSP connect-src and browser plugins

• Dan Veditz (Sunday, 23 September)
• Adam Barth (Sunday, 23 September)
• Erlend Oftedal (Sunday, 23 September)

CSP Sandbox directive and meta tag - CSP 1.1

• Adam Barth (Wednesday, 19 September)
• Erlend Oftedal (Wednesday, 19 September)
• Jacob Rossi (Wednesday, 19 September)
• Devdatta Akhawe (Wednesday, 19 September)
• Jacob Rossi (Wednesday, 19 September)
• Tanvi Vyas (Tuesday, 18 September)

Feedback on the Content Security Policy 1.0

• Fred Andrews (Monday, 10 September)

Interaction of CSP and IRIs

• Boris Zbarsky (Friday, 7 September)
• Adam Barth (Friday, 7 September)
• Boris Zbarsky (Friday, 7 September)
• Adam Barth (Thursday, 6 September)
• Boris Zbarsky (Thursday, 6 September)

ISSUE-6 comments addressed

• Adam Barth (Thursday, 13 September)
• Mike West (Thursday, 13 September)
• Adam Barth (Thursday, 13 September)

New clickjacking research published

• Hill, Brad (Wednesday, 12 September)
• Fred Andrews (Tuesday, 11 September)
• Fred Andrews (Tuesday, 11 September)
• David Lin-Shung Huang (Tuesday, 11 September)
• Hill, Brad (Tuesday, 11 September)
• Fred Andrews (Tuesday, 11 September)

Regrets 9/25

• Jacob Rossi (Tuesday, 25 September)

Regrets for today's call.

• Brad Hill (Tuesday, 25 September)

script-tag with html template-content

• Erlend Oftedal (Monday, 10 September)
• Erlend Oftedal (Monday, 10 September)
• Adam Barth (Monday, 10 September)
• Oscar Finnsson (Monday, 10 September)

some further Comments on Content Security Policy 1.0 Editor's Draft

• Adam Barth (Thursday, 13 September)
• =JeffH (Tuesday, 11 September)
• Adam Barth (Monday, 3 September)
• Mike West (Monday, 3 September)

test

• Hill, Brad (Tuesday, 25 September)
• Kris Krueger (Tuesday, 25 September)
• Hodges, Jeff (Tuesday, 25 September)

UI Safety - input protection obstruction check challenges

• Giorgio Maone (Wednesday, 12 September)
• Fred Andrews (Wednesday, 12 September)

unsafe-inline for style-src

• Bjoern Hoehrmann (Thursday, 27 September)
• Adam Barth (Thursday, 20 September)
• Giorgio Maone (Thursday, 20 September)
• Hill, Brad (Thursday, 20 September)
• Boris Zbarsky (Thursday, 20 September)
• Adam Barth (Thursday, 20 September)
• Boris Zbarsky (Thursday, 20 September)
• Mike West (Thursday, 20 September)
• Boris Zbarsky (Thursday, 20 September)
• Adam Barth (Thursday, 20 September)
• Boris Zbarsky (Thursday, 20 September)
• Adam Barth (Thursday, 20 September)
• Boris Zbarsky (Thursday, 20 September)
• Adam Barth (Wednesday, 19 September)
• Boris Zbarsky (Wednesday, 19 September)
• Mike West (Tuesday, 18 September)
• Tanvi Vyas (Tuesday, 18 September)

Web Crypto WG - Web Crypto API going to FPWD

• GALINDO Virginie (Monday, 17 September)

webappsec-ISSUE-16 (CSP informs client, cannot restrict it): Editorial: CSP cannot dictate client behavior, only inform it

• Web Application Security Working Group Issue Tracker (Tuesday, 11 September)

webappsec-ISSUE-17 (Extension compat): CSP should take into account extensions which modify content

• Web Application Security Working Group Issue Tracker (Tuesday, 11 September)

webappsec-ISSUE-18 (CSP as risk assessment score): Use CSP to report app risk and compatibility with user specified restrictions

• Web Application Security Working Group Issue Tracker (Tuesday, 11 September)

webappsec-ISSUE-19 (Interaction of CSP and IRIs): How are non-ASCII characters handled in CSP

• Web Application Security Working Group Issue Tracker (Tuesday, 11 September)

Last message date: Saturday, 29 September 2012 04:06:06 UTC