public-webappsec@w3.org from July 2012 by author

=JeffH

• Re: some further Comments on Content Security Policy 1.0 Editor's Draft (Thursday, 5 July)
• Re: some further Comments on Content Security Policy 1.0 Editor's Draft (Tuesday, 3 July)
• Re: some further Comments on Content Security Policy 1.0 Editor's Draft (Tuesday, 3 July)

Adam Barth

• Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? (Monday, 23 July)
• Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? (Monday, 23 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Friday, 20 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Friday, 20 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Friday, 20 July)
• Re: script and data uri (Thursday, 19 July)
• Re: Secure dynamic JS compilation under CSP (Thursday, 19 July)
• Re: Secure dynamic JS compilation under CSP (Thursday, 19 July)
• Re: Secure dynamic JS compilation under CSP (Thursday, 19 July)
• Re: CORS security hole? (Tuesday, 17 July)
• Re: CORS security hole? (Monday, 16 July)
• Re: some further Comments on Content Security Policy 1.0 Editor's Draft (Thursday, 5 July)
• Re: some further Comments on Content Security Policy 1.0 Editor's Draft (Wednesday, 4 July)
• Re: some further Comments on Content Security Policy 1.0 Editor's Draft (Tuesday, 3 July)

Anne van Kesteren

• Re: Why the restriction on unauthenticated GET in CORS? (Thursday, 19 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Thursday, 19 July)

Cameron Jones

• Re: Why the restriction on unauthenticated GET in CORS? (Friday, 20 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Friday, 20 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Thursday, 19 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Thursday, 19 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Thursday, 19 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Thursday, 19 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Thursday, 19 July)

Daniel Veditz

• Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? (Monday, 23 July)

David Bruant

• script and data uri (Thursday, 19 July)
• Re: Secure dynamic JS compilation under CSP (Thursday, 19 July)

Devdatta Akhawe

• Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? (Monday, 23 July)
• Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? (Monday, 23 July)

Dirk Pranke

• Re: CORS security hole? (Tuesday, 17 July)

Eric Chen

• Re: Secure dynamic JS compilation under CSP (Thursday, 19 July)
• Re: CSP 1.1: `script-nonce` and script interface edits. (Thursday, 19 July)
• Re: CSP 1.1: `script-nonce` and script interface edits. (Thursday, 19 July)

Eric Rescorla

• Re: Why the restriction on unauthenticated GET in CORS? (Saturday, 21 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Thursday, 19 July)
• Re: CORS proxy - was: CORS security hole? (Tuesday, 17 July)
• Re: CORS proxy - was: CORS security hole? (Tuesday, 17 July)

Henry Story

• Re: Why the restriction on unauthenticated GET in CORS? (Saturday, 21 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Saturday, 21 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Friday, 20 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Friday, 20 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Thursday, 19 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Wednesday, 18 July)
• Why the restriction on unauthenticated GET in CORS? (Wednesday, 18 July)
• Re: CORS proxy - was: CORS security hole? (Tuesday, 17 July)
• CORS proxy - was: CORS security hole? (Tuesday, 17 July)
• Re: CORS security hole? (Tuesday, 17 July)
• Re: CORS security hole? (Tuesday, 17 July)
• CORS security hole? (Monday, 16 July)

Hill, Brad

• [webappsec] adding data to CSP reports with DOM API (Tuesday, 31 July)
• RE: [webappsec] Call tomorrow CANCELLED - join WebSec @ IETF 84, 9:00-10:20 PST (Monday, 30 July)
• [webappsec] Call tomorrow CANCELLED - join WebSec @ IETF 84, 9:00-10:20 PST (Monday, 30 July)
• [webappsec] Agenda for Telecon 17 Jul 2012 (Tuesday, 17 July)
• [webappsec] TPAC registration and joint meetings (Monday, 16 July)
• RE: [websec] Coordinating Frame-Options and CSP UI Safety directives (Tuesday, 10 July)
• Coordinating Frame-Options and CSP UI Safety directives (Monday, 9 July)
• [webappsec] Telecon agenda for WebAppSec WG call of July 3 (Tuesday, 3 July)
• FW: TPAC 2012 Registration (Tuesday, 3 July)

Ian Hickson

• Re: Why the restriction on unauthenticated GET in CORS? (Friday, 20 July)
• Re: Why the restriction on unauthenticated GET in CORS? (Wednesday, 18 July)

Ian Jacobs

• Call for Exclusions: Content Security Policy (Tuesday, 10 July)

John J Barton

• Re: script and data uri (Thursday, 19 July)
• Re: Secure dynamic JS compilation under CSP (Thursday, 19 July)
• Re: Secure dynamic JS compilation under CSP (Thursday, 19 July)
• Secure dynamic JS compilation under CSP (Thursday, 19 July)

Jonas Sicking

• Re: Why the restriction on unauthenticated GET in CORS? (Saturday, 21 July)

Mike West

• Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? (Friday, 27 July)
• CSP 1.1: Behavior when presented with an invalid plugin-types directive? (Monday, 23 July)
• Re: CSP 1.1: `script-nonce` and script interface edits. (Thursday, 19 July)
• CSP 1.1: `script-nonce` and script interface edits. (Thursday, 19 July)
• Re: CSP 1.1: More granular source list definitions. (Tuesday, 3 July)

Odin Hørthe Omdal

• Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? (Monday, 23 July)
• Re: webappsec-ISSUE-15 (SRCDOC, BLOB, ETC): How to handle srcdoc, blob:, di: and ways of directly creating content (Wednesday, 4 July)
• Re: CSP 1.1: More granular source list definitions. (Wednesday, 4 July)
• Re: CSP 1.1: More granular source list definitions. (Monday, 2 July)

Tab Atkins Jr.

• Re: Why the restriction on unauthenticated GET in CORS? (Friday, 20 July)

Tanvi Vyas

• Re: Secure dynamic JS compilation under CSP (Thursday, 19 July)
• Regarding Action 67 (Tuesday, 17 July)

Tobias Gondrom

• Re: [websec] Coordinating Frame-Options and CSP UI Safety directives (Monday, 9 July)
• Re: [websec] Coordinating Frame-Options and CSP UI Safety directives (Monday, 9 July)

Tom Ritter

• Re: CSP 1.1: More granular source list definitions. (Monday, 2 July)

Web Application Security Working Group Issue Tracker

• webappsec-ISSUE-15 (SRCDOC, BLOB, ETC): How to handle srcdoc, blob:, di: and ways of directly creating content (Tuesday, 3 July)

Last message date: Tuesday, 31 July 2012 21:44:59 UTC