Re: Trimming the SecurityPolicy DOM interface

From: Alex Russell <slightlyoff@google.com>
Date: Fri, 24 May 2013 18:02:13 +0100
Message-ID: <CANr5HFV8OLH93-=uJX9xzBi3CYTBdSzC-aK0SPDzSF48yV5odw@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Mike West <mkwst@google.com>, "www-tag@w3.org List" <www-tag@w3.org>, Anne van Kesteren <annevk@annevk.nl>, Yehuda Katz <wycats@gmail.com>, Marcos Caceres <w3c@marcosc.com>
Apologies for not replying more fully before.

I've spent some time putting my thinking on this in blog-post form:

http://infrequently.org/2013/05/use-case-zero/

On Saturday, April 27, 2013, Adam Barth wrote:

> Alex, would you be willing to share the specific use cases you have in
> mind?  We just want to make sure there are solid use cases for the
> features in the spec.
>
> Adam
>
>
> On Sat, Apr 27, 2013 at 11:31 AM, Alex Russell <slightlyoff@google.com> wrote:
> > I object to these changes in the strongest possible terms. If it is not
> > possible to implement CSP policy enforcement on top of your API, it is not
> > sufficient.
> >
> > On Apr 27, 2013 5:46 PM, "Adam Barth" <w3c@adambarth.com> wrote:
> >>
> >> As discussed at the face-to-face meeting, I've trimmed the
> >> SecurityPolicy DOM interface to just the first four attributes:
> >>
> >> https://dvcs.w3.org/hg/content-security-policy/rev/f338192860c5
> >>
> >> At the meeting, we discussed that these attributes have strong use
> >> cases, but we couldn't think of any strong use cases for the remaining
> >> DOM interfaces.
> >>
> >> If folks come up with strong use cases, we should consider adding back
> >> the removed interfaces (or adding new interfaces that better address
> >> those use cases).
> >>
> >> Note: At the face-to-face, we discussed making some of these attributes
> >> writable in some circumstances, but I haven't made that change yet
> >> because it probably deserves more discussion.
> >>
> >> Adam
> >>
> >
>
Received on Friday, 24 May 2013 17:03:16 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 5 February 2014 07:15:00 UTC