public-webappsec@w3.org from July 2012 by subject

[webappsec] adding data to CSP reports with DOM API

• Hill, Brad (Tuesday, 31 July)

[webappsec] Agenda for Telecon 17 Jul 2012

• Hill, Brad (Tuesday, 17 July)

[webappsec] Call tomorrow CANCELLED - join WebSec @ IETF 84, 9:00-10:20 PST

• Hill, Brad (Monday, 30 July)
• Hill, Brad (Monday, 30 July)

[webappsec] Telecon agenda for WebAppSec WG call of July 3

• Hill, Brad (Tuesday, 3 July)

[webappsec] TPAC registration and joint meetings

• Hill, Brad (Monday, 16 July)

[websec] Coordinating Frame-Options and CSP UI Safety directives

• Hill, Brad (Tuesday, 10 July)
• Tobias Gondrom (Monday, 9 July)
• Tobias Gondrom (Monday, 9 July)

Call for Exclusions: Content Security Policy

• Ian Jacobs (Tuesday, 10 July)

Coordinating Frame-Options and CSP UI Safety directives

• Hill, Brad (Monday, 9 July)

CORS proxy - was: CORS security hole?

• Eric Rescorla (Tuesday, 17 July)
• Henry Story (Tuesday, 17 July)
• Eric Rescorla (Tuesday, 17 July)
• Henry Story (Tuesday, 17 July)

CORS security hole?

• Dirk Pranke (Tuesday, 17 July)
• Henry Story (Tuesday, 17 July)
• Adam Barth (Tuesday, 17 July)
• Henry Story (Tuesday, 17 July)
• Adam Barth (Monday, 16 July)
• Henry Story (Monday, 16 July)

CSP 1.1: `script-nonce` and script interface edits.

• Eric Chen (Thursday, 19 July)
• Mike West (Thursday, 19 July)
• Eric Chen (Thursday, 19 July)
• Mike West (Thursday, 19 July)

CSP 1.1: Behavior when presented with an invalid plugin-types directive?

• Mike West (Friday, 27 July)
• Devdatta Akhawe (Monday, 23 July)
• Adam Barth (Monday, 23 July)
• Daniel Veditz (Monday, 23 July)
• Devdatta Akhawe (Monday, 23 July)
• Adam Barth (Monday, 23 July)
• Odin Hørthe Omdal (Monday, 23 July)
• Mike West (Monday, 23 July)

CSP 1.1: More granular source list definitions.

• Odin Hørthe Omdal (Wednesday, 4 July)
• Mike West (Tuesday, 3 July)
• Tom Ritter (Monday, 2 July)
• Odin Hørthe Omdal (Monday, 2 July)

Regarding Action 67

• Tanvi Vyas (Tuesday, 17 July)

script and data uri

• Adam Barth (Thursday, 19 July)
• John J Barton (Thursday, 19 July)
• David Bruant (Thursday, 19 July)

Secure dynamic JS compilation under CSP

• David Bruant (Thursday, 19 July)
• Adam Barth (Thursday, 19 July)
• John J Barton (Thursday, 19 July)
• Adam Barth (Thursday, 19 July)
• Tanvi Vyas (Thursday, 19 July)
• John J Barton (Thursday, 19 July)
• Eric Chen (Thursday, 19 July)
• Adam Barth (Thursday, 19 July)
• John J Barton (Thursday, 19 July)

some further Comments on Content Security Policy 1.0 Editor's Draft

• Adam Barth (Thursday, 5 July)
• =JeffH (Thursday, 5 July)
• Adam Barth (Wednesday, 4 July)
• =JeffH (Tuesday, 3 July)
• Adam Barth (Tuesday, 3 July)
• =JeffH (Tuesday, 3 July)

TPAC 2012 Registration

• Hill, Brad (Tuesday, 3 July)

webappsec-ISSUE-15 (SRCDOC, BLOB, ETC): How to handle srcdoc, blob:, di: and ways of directly creating content

• Odin Hørthe Omdal (Wednesday, 4 July)
• Web Application Security Working Group Issue Tracker (Tuesday, 3 July)

Why the restriction on unauthenticated GET in CORS?

• Henry Story (Saturday, 21 July)
• Eric Rescorla (Saturday, 21 July)
• Henry Story (Saturday, 21 July)
• Jonas Sicking (Saturday, 21 July)
• Ian Hickson (Friday, 20 July)
• Henry Story (Friday, 20 July)
• Tab Atkins Jr. (Friday, 20 July)
• Henry Story (Friday, 20 July)
• Adam Barth (Friday, 20 July)
• Cameron Jones (Friday, 20 July)
• Adam Barth (Friday, 20 July)
• Cameron Jones (Friday, 20 July)
• Adam Barth (Friday, 20 July)
• Cameron Jones (Thursday, 19 July)
• Cameron Jones (Thursday, 19 July)
• Anne van Kesteren (Thursday, 19 July)
• Cameron Jones (Thursday, 19 July)
• Eric Rescorla (Thursday, 19 July)
• Anne van Kesteren (Thursday, 19 July)
• Cameron Jones (Thursday, 19 July)
• Henry Story (Thursday, 19 July)
• Cameron Jones (Thursday, 19 July)
• Henry Story (Wednesday, 18 July)
• Ian Hickson (Wednesday, 18 July)
• Henry Story (Wednesday, 18 July)

Last message date: Tuesday, 31 July 2012 21:44:59 UTC