public-webappsec@w3.org from December 2011 by author

Adam Barth

• Re: CSP and HTML manipulation by Internet Access Providers (Friday, 30 December)
• Re: no-external-navigation (Monday, 12 December)
• Re: ISSUE-4: Policy combination (Saturday, 10 December)
• Re: ISSUE-4: Policy combination (Friday, 9 December)
• Re: Proposal: CSP "allow-modification" directive (Friday, 9 December)
• Re: ISSUE-4: Policy combination (Friday, 9 December)
• Re: Proposal: CSP "allow-modification" directive (Thursday, 8 December)
• Re: ISSUE-4: Policy combination (Thursday, 8 December)
• ISSUE-4: Policy combination (Thursday, 8 December)
• <object>, text/html, and object-src/frame-src (Tuesday, 6 December)
• Sandbox directive (Monday, 5 December)

Arthur Barstow

• Re: CfC: CORS to advance to Last Call (Tuesday, 20 December)
• Testing CORS (Monday, 5 December)

Brandon Sterne

• Re: ISSUE-4: Policy combination (Saturday, 10 December)
• Re: ISSUE-4: Policy combination (Thursday, 8 December)

bugzilla@jessica.w3.org

• [Bug 15312] New: lowercasing requirement for Access-Control-Request-Headers harmful (Thursday, 22 December)

Collin Jackson

• Proposal: CSP "allow-modification" directive (Thursday, 8 December)

Eric Rescorla

• Re: ISSUE-4: Policy combination (Thursday, 8 December)
• Minutes from two weeks ago (Tuesday, 6 December)
• Agenda for WebAppSec Call: Tuesday December 6 (Monday, 5 December)

Giorgio Maone

• Re: ISSUE-4: Policy combination (Thursday, 8 December)
• Re: ISSUE-4: Policy combination (Thursday, 8 December)

Hendrik Brummermann

• CSP and HTML manipulation by Internet Access Providers (Thursday, 29 December)

Hill, Brad

• [webappsec wg] Draft minutes from 12/20/2011 for approval on next call (Friday, 30 December)
• [webappsec WG] Security Considerations for CORS with credentials (Thursday, 29 December)
• Draft meetings from Dec 06 call (Tuesday, 20 December)
• RE: W3C WebAppSec WG F2F meeting (Tuesday, 20 December)
• Meeting reminder (Monday, 19 December)
• WebAppSec WG call agenda, Dec 20, 2011, 22:00-23:00 UTC (Monday, 19 December)
• CfC: CORS to advance to Last Call (Monday, 19 December)
• W3C WebAppSec WG Meeting (Monday, 19 December)
• RE: ISSUE-4: Policy combination (Friday, 9 December)
• RE: ISSUE-4: Policy combination (Friday, 9 December)

Hodges, Jeff

• RE: W3C WebAppSec WG Meeting (regrets) (Tuesday, 20 December)

Ian Jacobs

• Call for Exclusions: Content Security Policy (Thursday, 1 December)

Jacob Rossi

• RE: ISSUE-4: Policy combination (Sunday, 11 December)
• RE: ISSUE-4: Policy combination (Thursday, 8 December)

Michal Zalewski

• CSP versus Content-Type on scripts and stylesheets (Tuesday, 20 December)
• no-external-navigation (Friday, 9 December)

Thomas Roessler

• Re: Proposal: CSP "allow-modification" directive (Friday, 9 December)

Last message date: Friday, 30 December 2011 08:15:54 UTC