<object>, text/html, and object-src/frame-src
[Bug 15312] New: lowercasing requirement for Access-Control-Request-Headers harmful
[webappsec wg] Draft minutes from 12/20/2011 for approval on next call
[webappsec WG] Security Considerations for CORS with credentials
Agenda for WebAppSec Call: Tuesday December 6
Call for Exclusions: Content Security Policy
CfC: CORS to advance to Last Call
CSP and HTML manipulation by Internet Access Providers
CSP versus Content-Type on scripts and stylesheets
Draft meetings from Dec 06 call
ISSUE-4: Policy combination
- Jacob Rossi (Sunday, 11 December)
- Adam Barth (Saturday, 10 December)
- Brandon Sterne (Saturday, 10 December)
- Hill, Brad (Friday, 9 December)
- Adam Barth (Friday, 9 December)
- Hill, Brad (Friday, 9 December)
- Adam Barth (Friday, 9 December)
- Brandon Sterne (Thursday, 8 December)
- Adam Barth (Thursday, 8 December)
- Giorgio Maone (Thursday, 8 December)
- Eric Rescorla (Thursday, 8 December)
- Giorgio Maone (Thursday, 8 December)
- Jacob Rossi (Thursday, 8 December)
- Adam Barth (Thursday, 8 December)
Meeting reminder
Minutes from two weeks ago
no-external-navigation
Proposal: CSP "allow-modification" directive
Sandbox directive
Testing CORS
W3C WebAppSec WG F2F meeting
W3C WebAppSec WG Meeting
W3C WebAppSec WG Meeting (regrets)
WebAppSec WG call agenda, Dec 20, 2011, 22:00-23:00 UTC
Last message date: Friday, 30 December 2011 08:15:54 UTC