- From: David Ross <drx@google.com>
- Date: Tue, 5 Aug 2014 11:48:22 -0700
- To: public-webappsec@w3.org
Received on Wednesday, 6 August 2014 09:20:07 UTC
I've been working on a project to address XSRF and reflected XSS by enabling web apps to regulate their entry points. Blog with more details: http://randomdross.blogspot.com/2014/08/entry-point-regulation-for-web-apps.html Code for a Chrome extension implementing EPR: https://github.com/google/epr Mike West and I have been talking about spec'ing this out with hooks for CSP and Fetch. It would be great to get any comments and feedback from the webappsec list! Dave
Received on Wednesday, 6 August 2014 09:20:07 UTC