public-webappsec@w3.org from July 2012 by thread

[webappsec] adding data to CSP reports with DOM API Hill, Brad (Tuesday, 31 July)

[webappsec] Call tomorrow CANCELLED - join WebSec @ IETF 84, 9:00-10:20 PST Hill, Brad (Monday, 30 July)

• RE: [webappsec] Call tomorrow CANCELLED - join WebSec @ IETF 84, 9:00-10:20 PST Hill, Brad (Monday, 30 July)

CSP 1.1: Behavior when presented with an invalid plugin-types directive? Mike West (Monday, 23 July)

• Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? Odin Hørthe Omdal (Monday, 23 July)
  • Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? Adam Barth (Monday, 23 July)
    • Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? Devdatta Akhawe (Monday, 23 July)
      • Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? Daniel Veditz (Monday, 23 July)
      • Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? Adam Barth (Monday, 23 July)
        • Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? Devdatta Akhawe (Monday, 23 July)
          • Re: CSP 1.1: Behavior when presented with an invalid plugin-types directive? Mike West (Friday, 27 July)

script and data uri David Bruant (Thursday, 19 July)

• Re: script and data uri John J Barton (Thursday, 19 July)
• Re: script and data uri Adam Barth (Thursday, 19 July)

Secure dynamic JS compilation under CSP John J Barton (Thursday, 19 July)

• Re: Secure dynamic JS compilation under CSP Adam Barth (Thursday, 19 July)
  • Re: Secure dynamic JS compilation under CSP John J Barton (Thursday, 19 July)
    • Re: Secure dynamic JS compilation under CSP Adam Barth (Thursday, 19 July)
      • Re: Secure dynamic JS compilation under CSP John J Barton (Thursday, 19 July)
        • Re: Secure dynamic JS compilation under CSP Adam Barth (Thursday, 19 July)
          • Re: Secure dynamic JS compilation under CSP David Bruant (Thursday, 19 July)
• Re: Secure dynamic JS compilation under CSP Eric Chen (Thursday, 19 July)
  • Re: Secure dynamic JS compilation under CSP Tanvi Vyas (Thursday, 19 July)

CSP 1.1: `script-nonce` and script interface edits. Mike West (Thursday, 19 July)

• Re: CSP 1.1: `script-nonce` and script interface edits. Eric Chen (Thursday, 19 July)
  • Re: CSP 1.1: `script-nonce` and script interface edits. Mike West (Thursday, 19 July)
    • Re: CSP 1.1: `script-nonce` and script interface edits. Eric Chen (Thursday, 19 July)

Why the restriction on unauthenticated GET in CORS? Henry Story (Wednesday, 18 July)

• Re: Why the restriction on unauthenticated GET in CORS? Ian Hickson (Wednesday, 18 July)
  • Re: Why the restriction on unauthenticated GET in CORS? Henry Story (Wednesday, 18 July)
  • Re: Why the restriction on unauthenticated GET in CORS? Cameron Jones (Thursday, 19 July)
    • Re: Why the restriction on unauthenticated GET in CORS? Henry Story (Thursday, 19 July)
      • Re: Why the restriction on unauthenticated GET in CORS? Cameron Jones (Thursday, 19 July)
      • Re: Why the restriction on unauthenticated GET in CORS? Anne van Kesteren (Thursday, 19 July)
        • Re: Why the restriction on unauthenticated GET in CORS? Eric Rescorla (Thursday, 19 July)
          • Re: Why the restriction on unauthenticated GET in CORS? Cameron Jones (Thursday, 19 July)
        • Re: Why the restriction on unauthenticated GET in CORS? Cameron Jones (Thursday, 19 July)
          • Re: Why the restriction on unauthenticated GET in CORS? Anne van Kesteren (Thursday, 19 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Cameron Jones (Thursday, 19 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Adam Barth (Friday, 20 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Cameron Jones (Friday, 20 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Adam Barth (Friday, 20 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Cameron Jones (Friday, 20 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Adam Barth (Friday, 20 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Henry Story (Friday, 20 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Tab Atkins Jr. (Friday, 20 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Henry Story (Friday, 20 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Ian Hickson (Friday, 20 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Jonas Sicking (Saturday, 21 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Henry Story (Saturday, 21 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Eric Rescorla (Saturday, 21 July)
            • Re: Why the restriction on unauthenticated GET in CORS? Henry Story (Saturday, 21 July)

Regarding Action 67 Tanvi Vyas (Tuesday, 17 July)

[webappsec] Agenda for Telecon 17 Jul 2012 Hill, Brad (Tuesday, 17 July)

CORS security hole? Henry Story (Monday, 16 July)

• Re: CORS security hole? Adam Barth (Monday, 16 July)
  • Re: CORS security hole? Henry Story (Tuesday, 17 July)
    • Re: CORS security hole? Adam Barth (Tuesday, 17 July)
      • Re: CORS security hole? Henry Story (Tuesday, 17 July)
        • Re: CORS security hole? Dirk Pranke (Tuesday, 17 July)
          • CORS proxy - was: CORS security hole? Henry Story (Tuesday, 17 July)
            • Re: CORS proxy - was: CORS security hole? Eric Rescorla (Tuesday, 17 July)
            • Re: CORS proxy - was: CORS security hole? Henry Story (Tuesday, 17 July)
            • Re: CORS proxy - was: CORS security hole? Eric Rescorla (Tuesday, 17 July)

[webappsec] TPAC registration and joint meetings Hill, Brad (Monday, 16 July)

Call for Exclusions: Content Security Policy Ian Jacobs (Tuesday, 10 July)

Coordinating Frame-Options and CSP UI Safety directives Hill, Brad (Monday, 9 July)

• Re: [websec] Coordinating Frame-Options and CSP UI Safety directives Tobias Gondrom (Monday, 9 July)
  • RE: [websec] Coordinating Frame-Options and CSP UI Safety directives Hill, Brad (Tuesday, 10 July)
• Re: [websec] Coordinating Frame-Options and CSP UI Safety directives Tobias Gondrom (Monday, 9 July)

webappsec-ISSUE-15 (SRCDOC, BLOB, ETC): How to handle srcdoc, blob:, di: and ways of directly creating content Web Application Security Working Group Issue Tracker (Tuesday, 3 July)

• Re: webappsec-ISSUE-15 (SRCDOC, BLOB, ETC): How to handle srcdoc, blob:, di: and ways of directly creating content Odin Hørthe Omdal (Wednesday, 4 July)

Re: some further Comments on Content Security Policy 1.0 Editor's Draft =JeffH (Tuesday, 3 July)

• Re: some further Comments on Content Security Policy 1.0 Editor's Draft Adam Barth (Tuesday, 3 July)
• Re: some further Comments on Content Security Policy 1.0 Editor's Draft =JeffH (Tuesday, 3 July)
  • Re: some further Comments on Content Security Policy 1.0 Editor's Draft Adam Barth (Wednesday, 4 July)
• Re: some further Comments on Content Security Policy 1.0 Editor's Draft =JeffH (Thursday, 5 July)
  • Re: some further Comments on Content Security Policy 1.0 Editor's Draft Adam Barth (Thursday, 5 July)

[webappsec] Telecon agenda for WebAppSec WG call of July 3 Hill, Brad (Tuesday, 3 July)

FW: TPAC 2012 Registration Hill, Brad (Tuesday, 3 July)

Re: CSP 1.1: More granular source list definitions. Odin Hørthe Omdal (Monday, 2 July)

• Re: CSP 1.1: More granular source list definitions. Tom Ritter (Monday, 2 July)
• Re: CSP 1.1: More granular source list definitions. Mike West (Tuesday, 3 July)
  • Re: CSP 1.1: More granular source list definitions. Odin Hørthe Omdal (Wednesday, 4 July)

Last message date: Tuesday, 31 July 2012 21:44:59 UTC