- From: Brandon Sterne <bsterne@mozilla.com>
- Date: Tue, 01 Mar 2011 14:52:28 -0800
- To: Adam Barth <w3c@adambarth.com>
- CC: public-web-security@w3.org
Quick update: I have an "unofficial draft" ready to share and I'm only waiting on account access to be able to push the draft to dev.w3.org. I'm very excited to share the draft with you all and look forward to our continued discussion. Just as a preview of what to expect, in addition to reordering some of the sections and making the text more normative, I made the following changes: 1. renamed allow to default-src 2. made all directives optional 3. added the SecurityViolation DOM event 4. added script-nonce and sandbox under "proposed directives" 5. added policy via <meta> element 6. renamed inline-script options value to disable-xss-protection There are still unresolved issues that the the WG (can I call us that yet?) has identified and I've called those out in "Issue" sections. Best, Brandon On 02/25/2011 07:48 PM, Brandon Sterne wrote: > I'm basically done with the reformatting, which has mostly consisted of > reordering the sections to closer match existing specs (CORS was > especially modeled after) and to be more normative where possible. I've > also made changes and additions based on what I've taken as consensus > points reached on the WG mailing list thus far. I'll summarize those > changes when I make the submission. > > Just to provide an update to the group, I have the document ready to be > submitted and I am waiting to make sure I have the correct procedure to > follow in order to submit it to the group. > > I'll be back in touch before the end of the weekend. > > Cheers, > Brandon
Received on Tuesday, 1 March 2011 22:51:39 UTC