- From: innotommy via GitHub <noreply@w3.org>
- Date: Fri, 13 Feb 2026 21:18:26 +0000
- To: public-security@w3.org
Placeholder for next meeting agenda: **Post-Injection XSS Mitigation — Tab-Isolated Token Protocol (TITP)** Harsh Singhal (Amazon) to present his proposal for a post-injection XSS mitigation mechanism called the Tab-Isolated Token Protocol (TITP). The proposal introduces a new `TabOnly` cookie attribute and a cryptographic token pairing system for backend request validation after XSS injection. Goal is to collect feedback from the SING . Explainer: https://github.com/Harsh0/xss-mitigation-explainer -- GitHub Notification of comment by innotommy Please view or discuss this issue at https://github.com/w3c/securityig/issues/41#issuecomment-3899534268 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 13 February 2026 21:18:26 UTC