public-webappsec@w3.org from October 2013 by thread

webappsec-ISSUE-55 (input-protection and seamless iframes): How to handle seamless flag for input-protection policies? [UI Security] Web Application Security Working Group Issue Tracker (Thursday, 31 October)

[webappsec] UISecurity input protection: same origin or same document? Brad Hill (Thursday, 31 October)

• Re: [webappsec] UISecurity input protection: same origin or same document? Anne van Kesteren (Thursday, 31 October)
  • Re: [webappsec] UISecurity input protection: same origin or same document? Brad Hill (Thursday, 31 October)

[webappsec] New SVG examples for UISecurity obstruction check Brad Hill (Wednesday, 30 October)

Are CSP directives case insensitive? John Wong (Monday, 28 October)

[Bug 23654] New: Point out that Access-Control-Allow-Origin:* is safe for servers not behind a firewall bugzilla@jessica.w3.org (Monday, 28 October)

[Bug 23653] New: Advice on CORS and caches bugzilla@jessica.w3.org (Monday, 28 October)

CSP and cookie header management Anne van Kesteren (Wednesday, 23 October)

Content-Security-Policy: referrer always Tom Sepez (Tuesday, 22 October)

• Re: Content-Security-Policy: referrer always Anne van Kesteren (Wednesday, 23 October)

Agenda for October 22, 2013 Teleconference Eric Rescorla (Tuesday, 22 October)

'referrer' directive strawman. Mike West (Monday, 21 October)

• Re: 'referrer' directive strawman. Anne van Kesteren (Tuesday, 22 October)

Re: Updated script hash proposal (non spec text) Devdatta Akhawe (Sunday, 20 October)

• Re: Updated script hash proposal (non spec text) Neil Matatall (Monday, 21 October)

[webappsec] new editor's draft of UISecurity Brad Hill (Friday, 18 October)

CSP script hashes, inline and src'd Joel Weinberger (Friday, 18 October)

• Re: CSP script hashes, inline and src'd Glenn Adams (Saturday, 19 October)
  • Re: CSP script hashes, inline and src'd Neil Matatall (Saturday, 19 October)
    • Re: CSP script hashes, inline and src'd Trevor Perrin (Monday, 21 October)
    • Re: CSP script hashes, inline and src'd Tanvi Vyas (Monday, 21 October)
      • Re: CSP script hashes, inline and src'd Joel Weinberger (Tuesday, 22 October)
  • Re: CSP script hashes, inline and src'd Garrett Robinson (Saturday, 19 October)
• Re: CSP script hashes, inline and src'd Garrett Robinson (Saturday, 19 October)
  • Re: CSP script hashes, inline and src'd Yoav Weiss (Saturday, 19 October)
    • Re: CSP script hashes, inline and src'd Mike West (Monday, 21 October)
      • Re: CSP script hashes, inline and src'd Neil Matatall (Monday, 21 October)
        • Re: CSP script hashes, inline and src'd Brad Hill (Monday, 21 October)
      • Re: CSP script hashes, inline and src'd Ian Melven (Monday, 21 October)

Reminder: Recharter out for review through Oct. 21 Wendy Seltzer (Tuesday, 15 October)

[webappsec] Handling unsafe UI events Brad Hill (Monday, 14 October)

• Re: [webappsec] Handling unsafe UI events David Lin-Shung Huang (Tuesday, 15 October)

FYI: RFC 7034 on HTTP Header Field X-Frame-Options Tobias Gondrom (Monday, 14 October)

• RE: RFC 7034 on HTTP Header Field X-Frame-Options Hill, Brad (Monday, 14 October)

Re: [CORS] Clarifying the term "user credentials" Austin William Wright (Friday, 11 October)

• Re: [CORS] Clarifying the term "user credentials" Monsur Hossain (Friday, 11 October)

[webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Brad Hill (Thursday, 10 October)

• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering David Lin-Shung Huang (Friday, 11 October)
  • Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Brad Hill (Monday, 14 October)
    • Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Brad Hill (Monday, 14 October)
      • Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering David Lin-Shung Huang (Tuesday, 15 October)
        • Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Brad Hill (Tuesday, 15 October)
          • Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Giorgio Maone (Wednesday, 16 October)
    • Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Giorgio Maone (Tuesday, 22 October)
      • Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Robert O'Callahan (Friday, 25 October)
        • Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Giorgio Maone (Saturday, 26 October)

Behavior when default-src is missing from a CSP Neil Matatall (Wednesday, 9 October)

• Re: Behavior when default-src is missing from a CSP Neil Matatall (Wednesday, 9 October)
  • Re: Behavior when default-src is missing from a CSP Mike West (Thursday, 10 October)
  • Re: Behavior when default-src is missing from a CSP Daniel Veditz (Thursday, 10 October)

proposal: move frame-options directive out of UI safety spec into CSP 1.1 Daniel Veditz (Tuesday, 8 October)

• Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 Ian Melven (Tuesday, 8 October)
  • Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 Mike West (Monday, 21 October)
  • Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 Mike West (Monday, 21 October)
    • Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 Ian Melven (Monday, 21 October)

[webappsec] Agenda for 8-Oct-2013 Teleconference Brad Hill (Tuesday, 8 October)

ERRATA CORRIGE Actual vote and regrets (was Re: [webappsec] POLL: Getting CSP 1.1 to LCWD) Giorgio Maone (Saturday, 5 October)

Actual vote and regrets (was Re: [webappsec] POLL: Getting CSP 1.1 to LCWD) Giorgio Maone (Saturday, 5 October)

Scripts from Strings: Where is the line? Frederik Braun (Saturday, 5 October)

Actual Poll vote (was: Reminder: please send your preferences (was: POLL: Getting CSP 1.1 to LCWD)) =JeffH (Friday, 4 October)

[webappsec] Reminder: please send your preferences Brad Hill (Friday, 4 October)

• Re: [webappsec] Reminder: please send your preferences Odin Hørthe Omdal (Friday, 4 October)
• Re: [webappsec] Reminder: please send your preferences Mike West (Monday, 7 October)
• Re: [webappsec] Reminder: please send your preferences Nottingham, Mark (Monday, 7 October)
  • Re: [webappsec] Reminder: please send your preferences Daniel Veditz (Tuesday, 8 October)
    • Re: [webappsec] Reminder: please send your preferences Nottingham, Mark (Tuesday, 8 October)
• RE: [webappsec] Reminder: please send your preferences Carson, Cory (Monday, 7 October)
  • Re: [webappsec] Reminder: please send your preferences Neil Matatall (Tuesday, 8 October)
    • Re: [webappsec] Reminder: please send your preferences Neil Matatall (Tuesday, 22 October)

Re: [Workers] CSP and SharedWorkers David Bruant (Tuesday, 1 October)

Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)

• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)
  • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Brad Hill (Tuesday, 1 October)
    • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)
  • RE: [webappsec] POLL: Getting CSP 1.1 to LCWD Carson, Cory (Tuesday, 1 October)
    • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)
      • RE: [webappsec] POLL: Getting CSP 1.1 to LCWD Carson, Cory (Tuesday, 1 October)
        • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)
          • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)
      • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Brad Hill (Tuesday, 1 October)
        • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)
          • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Brad Hill (Tuesday, 1 October)
            • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)
            • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz (Wednesday, 2 October)
            • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Wednesday, 2 October)
            • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz (Thursday, 3 October)
            • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Thursday, 3 October)
            • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Brad Hill (Thursday, 3 October)
            • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Thursday, 3 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz (Tuesday, 1 October)
  • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)
    • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz (Tuesday, 1 October)
      • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)
        • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz (Wednesday, 2 October)
          • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Wednesday, 2 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Carson, Cory (Friday, 4 October)
  • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Friday, 4 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz (Friday, 4 October)
  • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Garrett Robinson (Friday, 4 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Friday, 4 October)
  • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Brad Hill (Friday, 4 October)
    • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Bjoern Hoehrmann (Saturday, 5 October)
      • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Saturday, 5 October)
        • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Bjoern Hoehrmann (Saturday, 5 October)
          • Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Saturday, 5 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Garrett Robinson (Tuesday, 8 October)

Last message date: Thursday, 31 October 2013 18:19:42 UTC