- From: meacer <notifications@github.com>
- Date: Thu, 31 Jul 2025 15:47:55 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/1128@github.com>
meacer created an issue (w3ctag/design-reviews#1128) ### Specification https://github.com/w3c/webappsec-csp/compare/main...carlosjoan91:webappsec-csp:main ### Explainer https://github.com/explainers-by-googlers/script-src-v2/blob/main/README.md ### Links - Previous early design review, if any: N/A - An introduction to the feature, aimed at unfamiliar audiences: https://github.com/explainers-by-googlers/script-src-v2/blob/main/README.md#deployment-use-case-examples - A description of the problems that end-users were facing before this proposal: https://github.com/explainers-by-googlers/script-src-v2/blob/main/README.md#use-cases - Alternatives considered: https://github.com/explainers-by-googlers/script-src-v2/blob/main/README.md#considered-alternatives - Examples of how to use the proposal to solve the end-users' problems: https://github.com/explainers-by-googlers/script-src-v2/blob/main/README.md#proposed-solution - What do the end-users experience with this proposal: https://github.com/explainers-by-googlers/script-src-v2/blob/main/README.md#proposed-solution - User research you did to validate the problem and/or design, if any: N/A - Web Platform Tests: - https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/content-security-policy/script-src/tentative/ - https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/content-security-policy/unsafe-eval/tentative/ - https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/virtual/script-src-hashes-v1-enabled/ ### The specification - [x] Follows the [Web Platform Design Principles](https://www.w3.org/TR/design-principles/). - [x] Includes Security and Privacy Considerations sections based on answers to the [Security/Privacy Questionnaire](https://www.w3.org/TR/security-privacy-questionnaire/). ### Where and by whom is the work is being done? - GitHub repo: - Primary contacts: - @carlosjoan91 (Google), @meacer (Google) - Organization/project driving the specification: Google - This work is being funded by: Google - Primary standards group developing this feature: N/A - Group intended to standardize this work: WebAppSec - Incubation and standards groups that have discussed the design: - https://github.com/w3c/webappsec/blob/main/meetings/2025/2025-04-16-minutes.md ### Feedback so far - Multi-stakeholder feedback: - Chromium comments: https://chromestatus.com/feature/5196368819519488 - Mozilla comments: https://github.com/mozilla/standards-positions/issues/1277 - WebKit comments: https://github.com/WebKit/standards-positions/issues/535 - Major unresolved issues with or opposition to this specification: - Status/issue trackers for implementations: https://chromestatus.com/feature/5196368819519488 ### You should also know that... _No response_ <!-- Content below this is maintained by @w3c-tag-bot --> --- Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1128 -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/1128 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/1128@github.com>
Received on Thursday, 31 July 2025 22:47:59 UTC