public-webappsec@w3.org from March 2012 by date

Friday, 30 March 2012

• Re: [webappsec] CSP META tag support - keep or remove? Adam Barth
• Re: [webappsec] CSP META tag support - keep or remove? Daniel Veditz
• New clickjacking threats page Peleus Uhley

Thursday, 29 March 2012

• RE: [webappsec] Registration for F2F Hill, Brad

Tuesday, 27 March 2012

• Re: [webappsec] CSP META tag support - keep or remove? Adam Barth
• Re: [webappsec] CSP META tag support - keep or remove? Tom Ritter
• Re: [webappsec] CSP META tag support - keep or remove? Daniel Veditz
• Re: CSP HTTP header description Adam Barth
• CSP HTTP header description Thomas Roessler
• RE: [webappsec] Call for tomorrow, 3/27, CANCELLED Jacob Rossi
• [webappsec] Call for tomorrow, 3/27, CANCELLED Hill, Brad

Monday, 26 March 2012

• Re: [webappsec] CSP META tag support - keep or remove? Adam Barth
• [webappsec] CSP META tag support - keep or remove? Hill, Brad
• [webappsec] Refining CSP header definitions and advice to intermediaries Hill, Brad

Tuesday, 20 March 2012

• Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? Giorgio Maone
• Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? David Bruant
• RE: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? Carson, Cory
• Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? Eduardo' Vela

Monday, 19 March 2012

• Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? sec_ext
• Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? Adam Barth
• CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? sec_ext
• [Bug 16436] New: Resource processing: shouldn't need to split Origin string on SPACE anymore bugzilla@jessica.w3.org
• [Bug 16434] New: Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes) bugzilla@jessica.w3.org

Thursday, 15 March 2012

• [webappsec] TPAC 2012 - Lyon, France, Oct 29-Nov2 Hill, Brad

Wednesday, 14 March 2012

• [webappsec] Registration for F2F Hill, Brad

Tuesday, 13 March 2012

• webappsec-ISSUE-14 (META tag for CSP): Investigate whether to keep the META tag for CSP Web Application Security Working Group Issue Tracker
• FW: W3C WebAppSec WG Meeting Hill, Brad
• [webappsec] Updated agenda for 3/13 call Hill, Brad
• Re: [webappsec] Agenda for WebAppSec call, today **21:00** UTC Arthur Barstow
• [webappsec] Agenda for WebAppSec call, today **21:00** UTC Hill, Brad
• Re: XSS through content-sniffing: good case for CSP sandbox directive Adam Barth
• RE: XSS through content-sniffing: good case for CSP sandbox directive Hill, Brad
• Re: XSS through content-sniffing: good case for CSP sandbox directive Adam Barth
• XSS through content-sniffing: good case for CSP sandbox directive Hill, Brad

Wednesday, 7 March 2012

• Re: [CORS] Review of CORS and WebAppSec prior to LCWD Cameron Jones
• [CORS] Review of CORS and WebAppSec prior to LCWD Arthur Barstow

Tuesday, 6 March 2012

• Re: [webappsec] Straw poll: policy-uri in CSP Giorgio Maone
• Re: [webappsec] Straw poll: policy-uri in CSP Daniel Veditz
• Re: [webappsec] Straw poll: policy-uri in CSP sec_ext
• Re: [webappsec] straw man anti-clickjacking proposal David Lin-Shung Huang

Monday, 5 March 2012

• Re: [webappsec] straw man anti-clickjacking proposal Giorgio Maone
• Re: [webappsec] Straw poll: policy-uri in CSP Adam Barth
• Re: CSP and cross-frame communication David Bruant
• [webappsec] Straw poll: policy-uri in CSP Hill, Brad
• Re: CSP and cross-frame communication Daniel Veditz
• Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Arthur Barstow
• RE: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Hill, Brad
• Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Arthur Barstow
• Re: CSP and cross-frame communication David Bruant
• Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Thomas Roessler
• Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Hill, Brad
• Re: CSP and cross-frame communication Daniel Veditz
• Re: [webappsec] Bay Area F2F Arthur Barstow
• [webappsec] May 2-3 F2F call for objections Hill, Brad
• RE: [webappsec] Bay Area F2F, May 2-3 [CORRECTED] Hill, Brad
• Re: [webappsec] Bay Area F2F, April 11-12 Anne van Kesteren
• [webappsec] Bay Area F2F, April 11-12 Hill, Brad

Friday, 2 March 2012

• [Bug 16203] New: Nothing is said about what happens when default-src is omitted. bugzilla@jessica.w3.org

Thursday, 1 March 2012

• Re: CSP and cross-frame communication David Bruant
• Re: CSP and cross-frame communication Adam Barth
• Re: CSP and cross-frame communication David Bruant

Wednesday, 29 February 2012

• Re: Removing the same(ish) origin restriction on report-uri sec_ext

Thursday, 1 March 2012

• Call for Exclusions (Update): Content Security Policy Ian Jacobs

Last message date: Friday, 30 March 2012 22:54:04 UTC