Friday, 30 March 2012
- Re: [webappsec] CSP META tag support - keep or remove?
- Re: [webappsec] CSP META tag support - keep or remove?
- New clickjacking threats page
Thursday, 29 March 2012
Tuesday, 27 March 2012
- Re: [webappsec] CSP META tag support - keep or remove?
- Re: [webappsec] CSP META tag support - keep or remove?
- Re: [webappsec] CSP META tag support - keep or remove?
- Re: CSP HTTP header description
- CSP HTTP header description
- RE: [webappsec] Call for tomorrow, 3/27, CANCELLED
- [webappsec] Call for tomorrow, 3/27, CANCELLED
Monday, 26 March 2012
- Re: [webappsec] CSP META tag support - keep or remove?
- [webappsec] CSP META tag support - keep or remove?
- [webappsec] Refining CSP header definitions and advice to intermediaries
Tuesday, 20 March 2012
- Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe?
- Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe?
- RE: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe?
- Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe?
Monday, 19 March 2012
- Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe?
- Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe?
- CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe?
- [Bug 16436] New: Resource processing: shouldn't need to split Origin string on SPACE anymore
- [Bug 16434] New: Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes)
Thursday, 15 March 2012
Wednesday, 14 March 2012
Tuesday, 13 March 2012
- webappsec-ISSUE-14 (META tag for CSP): Investigate whether to keep the META tag for CSP
- FW: W3C WebAppSec WG Meeting
- [webappsec] Updated agenda for 3/13 call
- Re: [webappsec] Agenda for WebAppSec call, today **21:00** UTC
- [webappsec] Agenda for WebAppSec call, today **21:00** UTC
- Re: XSS through content-sniffing: good case for CSP sandbox directive
- RE: XSS through content-sniffing: good case for CSP sandbox directive
- Re: XSS through content-sniffing: good case for CSP sandbox directive
- XSS through content-sniffing: good case for CSP sandbox directive
Wednesday, 7 March 2012
- Re: [CORS] Review of CORS and WebAppSec prior to LCWD
- [CORS] Review of CORS and WebAppSec prior to LCWD
Tuesday, 6 March 2012
- Re: [webappsec] Straw poll: policy-uri in CSP
- Re: [webappsec] Straw poll: policy-uri in CSP
- Re: [webappsec] Straw poll: policy-uri in CSP
- Re: [webappsec] straw man anti-clickjacking proposal
Monday, 5 March 2012
- Re: [webappsec] straw man anti-clickjacking proposal
- Re: [webappsec] Straw poll: policy-uri in CSP
- Re: CSP and cross-frame communication
- [webappsec] Straw poll: policy-uri in CSP
- Re: CSP and cross-frame communication
- Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call
- RE: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call
- Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call
- Re: CSP and cross-frame communication
- Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call
- Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call
- Re: CSP and cross-frame communication
- Re: [webappsec] Bay Area F2F
- [webappsec] May 2-3 F2F call for objections
- RE: [webappsec] Bay Area F2F, May 2-3 [CORRECTED]
- Re: [webappsec] Bay Area F2F, April 11-12
- [webappsec] Bay Area F2F, April 11-12
Friday, 2 March 2012
Thursday, 1 March 2012
- Re: CSP and cross-frame communication
- Re: CSP and cross-frame communication
- Re: CSP and cross-frame communication