- From: Brad Hill <hillbrad@fb.com>
- Date: Tue, 18 Nov 2014 17:58:53 +0000
- To: Deian Stefan <deian@cs.stanford.edu>, "Web Application Security Working Group Issue Tracker" <sysbot+tracker@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Deian, thank you and please do. We always welcome proposed text (from group members). On 11/17/14, 9:36 PM, "Deian Stefan" <deian@cs.stanford.edu> wrote: >Web Application Security Working Group Issue Tracker ><sysbot+tracker@w3.org> writes: > >> webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives >>to manage postMessage and external navigation of iframes [CSP Next] >> >> >>https://urldefense.proofpoint.com/v1/url?u=http://www.w3.org/2011/webapps >>ec/track/issues/69&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2B >>WBMXZg%3D%3D%0A&m=20fYIyK0B054c%2F3Inxh6CMhqM4P6GMDnK9mQu6OQeZ8%3D%0A&s=7 >>df5fe9ca9d2155240020c3c23e26ce687ab4374d8ae0e6b85894e299d1b8fb8 >> >> Raised by: Devdatta Akhawe >> On product: CSP Next >> >> >>https://urldefense.proofpoint.com/v1/url?u=http://lists.w3.org/Archives/P >>ublic/public-webappsec/2014Jul/0047.html&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0 >>A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=20fYIyK0B054c%2F3Inxh6CMhqM4P6GMD >>nK9mQu6OQeZ8%3D%0A&s=47aee70c52bc137f1eaa262acb0eb6740a325d04f7f7368131c0 >>5379def0bcad > >I think that having message-src, message-sink, and navigation directives >would be useful additions to CSP v. Next in terms of adding more layers >of defense. I would be happy to take a first cut at the description of >these if others agree. > >Thanks, >Deian >
Received on Tuesday, 18 November 2014 17:59:38 UTC