public-webappsec@w3.org from December 2014 by thread

[REFERRER] Combination of referrer directive values sourcekick (Sunday, 28 December)

webappsec-ISSUE-74 (plugin-types 'none'): allow explicitly setting the 'none' keyword source for plugin-type directive [CSP Level 3] Web Application Security Working Group Issue Tracker (Tuesday, 30 December)

webappsec-ISSUE-73 (CSP path matching): Consider allowing relative paths (to 'self') in source productions [CSP Level 3] Web Application Security Working Group Issue Tracker (Tuesday, 30 December)

[CSP3] Allow plugin-types "none" Craig Francis (Tuesday, 30 December)

[CSP3] Allow paths without a domain Craig Francis (Tuesday, 30 December)

[SRI] providing good defaults when the expected content type is missing? Francois Marier (Tuesday, 30 December)

[CSP] How to interpret 'self' in a sandboxed iframe Joel Weinberger (Tuesday, 30 December)

Reminder: today's webappsec teleconference CANCELED Brad Hill (Monday, 29 December)

Why not DNS records Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure Ryan Sleevi (Sunday, 28 December)

Public Key Pinning (was Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure) Jeffrey Walton (Saturday, 27 December)

[CSP] different perspective on Report-Only Ludwig, Sven (Saturday, 27 December)

[REFERRER] feedback - Editorial comment: s/referer/Referer/g David Booth (Friday, 26 December)

[SRI] unsupported hashes and invalid metadata Francois Marier (Wednesday, 24 December)

Fwd: Proposed W3C Charter: Web Application Security Working Group (Call for Review) Wendy Seltzer (Tuesday, 23 December)

[webappsec] Next WebAppSec teleconference Brad Hill (Friday, 19 December)

RE: [blink-dev] Proposal: Marking HTTP As Non-Secure Domenic Denicola (Friday, 19 December)

Marking HTTP As Non-Secure Patrick Kolodziejczyk (Wednesday, 17 December)

postMessage, workers and sandboxing Brad Hill (Monday, 15 December)

webappsec-ACTION-208: Take charter to w3m for review Web Application Security Working Group Issue Tracker (Monday, 15 December)

Strict mixed content checking (was Re: MIX: Exiting last call?) Mike West (Monday, 15 December)

Service Workers and MIX (was Re: MIX: Exiting last call?) Mike West (Monday, 15 December)

Proposal: Marking HTTP As Non-Secure Chris Palmer (Saturday, 13 December)

[webappsec] Teleconference Agenda, Monday 14-Dec-2014 Brad Hill (Friday, 12 December)

MIX: Exiting last call? Mike West (Friday, 12 December)

Comments on Mixed Content David Walp (Wednesday, 10 December)

[MIX] PF comments on Mixed Content - accessible indication and user controls Michael Cooper (Wednesday, 10 December)

[SRI] Towards v1 - do we need error reporting? Frederik Braun (Wednesday, 10 December)

[SRI] Towards v1 - do we need fallback/noncanonical-src? Frederik Braun (Wednesday, 10 December)

[POWER] New vs Legacy functionality (Re: "Requirements for Powerful Features" strawman.) Mike West (Tuesday, 9 December)

Re: Draft finding - "Transitioning the Web to HTTPS" Mike West (Tuesday, 9 December)

Call for Exclusions: Requirements for Powerful Features Coralie Mercier (Thursday, 4 December)

[REFERRER][CSP] Improving the Web Platform's Referrer Policy Brian Smith (Wednesday, 3 December)

[CSP3] Please define the encoding used for violation reports Boris Zbarsky (Tuesday, 2 December)

Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next] Deian Stefan (Monday, 1 December)

[webappsec] Clarifying how CSP sandboxing applies to Workers, ServiceWorkers Brad Hill (Monday, 1 December)

[webappsec] Dec 1, Thread 3: post-Last Call issues in CSP Level 2 Brad Hill (Monday, 1 December)

[webappsec] Dec 1, Thread 2: Powerful Features Brad Hill (Monday, 1 December)

[webappsec] Dec 1, Thread 1: Rechartering Brad Hill (Monday, 1 December)

[webappsec] Cancel today's call? Brad Hill (Monday, 1 December)

Re: snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features" Brad Hill (Monday, 1 December)

Last message date: Tuesday, 30 December 2014 23:07:32 UTC