public-webappsec@w3.org from March 2012 by author

Adam Barth

• Re: [webappsec] CSP META tag support - keep or remove? (Friday, 30 March)
• Re: [webappsec] CSP META tag support - keep or remove? (Tuesday, 27 March)
• Re: CSP HTTP header description (Tuesday, 27 March)
• Re: [webappsec] CSP META tag support - keep or remove? (Monday, 26 March)
• Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? (Monday, 19 March)
• Re: XSS through content-sniffing: good case for CSP sandbox directive (Tuesday, 13 March)
• Re: XSS through content-sniffing: good case for CSP sandbox directive (Tuesday, 13 March)
• Re: [webappsec] Straw poll: policy-uri in CSP (Monday, 5 March)
• Re: CSP and cross-frame communication (Thursday, 1 March)

Anne van Kesteren

• Re: [webappsec] Bay Area F2F, April 11-12 (Monday, 5 March)

Arthur Barstow

• Re: [webappsec] Agenda for WebAppSec call, today **21:00** UTC (Tuesday, 13 March)
• [CORS] Review of CORS and WebAppSec prior to LCWD (Wednesday, 7 March)
• Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call (Monday, 5 March)
• Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call (Monday, 5 March)
• Re: [webappsec] Bay Area F2F (Monday, 5 March)

bugzilla@jessica.w3.org

• [Bug 16436] New: Resource processing: shouldn't need to split Origin string on SPACE anymore (Monday, 19 March)
• [Bug 16434] New: Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes) (Monday, 19 March)
• [Bug 16203] New: Nothing is said about what happens when default-src is omitted. (Friday, 2 March)

Cameron Jones

• Re: [CORS] Review of CORS and WebAppSec prior to LCWD (Wednesday, 7 March)

Carson, Cory

• RE: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? (Tuesday, 20 March)

Daniel Veditz

• Re: [webappsec] CSP META tag support - keep or remove? (Friday, 30 March)
• Re: [webappsec] CSP META tag support - keep or remove? (Tuesday, 27 March)
• Re: [webappsec] Straw poll: policy-uri in CSP (Tuesday, 6 March)
• Re: CSP and cross-frame communication (Monday, 5 March)
• Re: CSP and cross-frame communication (Monday, 5 March)

David Bruant

• Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? (Tuesday, 20 March)
• Re: CSP and cross-frame communication (Monday, 5 March)
• Re: CSP and cross-frame communication (Monday, 5 March)
• Re: CSP and cross-frame communication (Thursday, 1 March)
• Re: CSP and cross-frame communication (Thursday, 1 March)

David Lin-Shung Huang

• Re: [webappsec] straw man anti-clickjacking proposal (Tuesday, 6 March)

Eduardo' Vela

• Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? (Tuesday, 20 March)

Giorgio Maone

• Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? (Tuesday, 20 March)
• Re: [webappsec] Straw poll: policy-uri in CSP (Tuesday, 6 March)
• Re: [webappsec] straw man anti-clickjacking proposal (Monday, 5 March)

Hill, Brad

• RE: [webappsec] Registration for F2F (Thursday, 29 March)
• [webappsec] Call for tomorrow, 3/27, CANCELLED (Tuesday, 27 March)
• [webappsec] CSP META tag support - keep or remove? (Monday, 26 March)
• [webappsec] Refining CSP header definitions and advice to intermediaries (Monday, 26 March)
• [webappsec] TPAC 2012 - Lyon, France, Oct 29-Nov2 (Thursday, 15 March)
• [webappsec] Registration for F2F (Wednesday, 14 March)
• FW: W3C WebAppSec WG Meeting (Tuesday, 13 March)
• [webappsec] Updated agenda for 3/13 call (Tuesday, 13 March)
• [webappsec] Agenda for WebAppSec call, today **21:00** UTC (Tuesday, 13 March)
• RE: XSS through content-sniffing: good case for CSP sandbox directive (Tuesday, 13 March)
• XSS through content-sniffing: good case for CSP sandbox directive (Tuesday, 13 March)
• [webappsec] Straw poll: policy-uri in CSP (Monday, 5 March)
• RE: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call (Monday, 5 March)
• Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call (Monday, 5 March)
• [webappsec] May 2-3 F2F call for objections (Monday, 5 March)
• RE: [webappsec] Bay Area F2F, May 2-3 [CORRECTED] (Monday, 5 March)
• [webappsec] Bay Area F2F, April 11-12 (Monday, 5 March)

Ian Jacobs

• Call for Exclusions (Update): Content Security Policy (Thursday, 1 March)

Jacob Rossi

• RE: [webappsec] Call for tomorrow, 3/27, CANCELLED (Tuesday, 27 March)

Peleus Uhley

• New clickjacking threats page (Friday, 30 March)

sec_ext

• Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? (Monday, 19 March)
• CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? (Monday, 19 March)
• Re: [webappsec] Straw poll: policy-uri in CSP (Tuesday, 6 March)
• Re: Removing the same(ish) origin restriction on report-uri (Wednesday, 29 February)

Thomas Roessler

• CSP HTTP header description (Tuesday, 27 March)
• Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call (Monday, 5 March)

Tom Ritter

• Re: [webappsec] CSP META tag support - keep or remove? (Tuesday, 27 March)

Web Application Security Working Group Issue Tracker

• webappsec-ISSUE-14 (META tag for CSP): Investigate whether to keep the META tag for CSP (Tuesday, 13 March)

Last message date: Friday, 30 March 2012 22:54:04 UTC