public-webappsec@w3.org from March 2012: by subject

[Bug 16203] New: Nothing is said about what happens when default-src is omitted.

[Bug 16434] New: Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes)

[Bug 16436] New: Resource processing: shouldn't need to split Origin string on SPACE anymore

[CORS] Review of CORS and WebAppSec prior to LCWD

[webappsec] Agenda for WebAppSec call, today 21:00 UTC

[webappsec] Bay Area F2F

[webappsec] Bay Area F2F, April 11-12

[webappsec] Bay Area F2F, May 2-3 [CORRECTED]

[webappsec] Call for tomorrow, 3/27, CANCELLED

[webappsec] CSP META tag support - keep or remove?

[webappsec] May 2-3 F2F call for objections

[webappsec] Refining CSP header definitions and advice to intermediaries

[webappsec] Registration for F2F

[webappsec] straw man anti-clickjacking proposal

[webappsec] Straw poll: policy-uri in CSP

[webappsec] TPAC 2012 - Lyon, France, Oct 29-Nov2

[webappsec] Updated agenda for 3/13 call

Call for Exclusions (Update): Content Security Policy

CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe?

CSP and cross-frame communication

CSP HTTP header description

New clickjacking threats page

Removing the same(ish) origin restriction on report-uri

Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call

W3C WebAppSec WG Meeting

webappsec-ISSUE-14 (META tag for CSP): Investigate whether to keep the META tag for CSP

XSS through content-sniffing: good case for CSP sandbox directive

Last message date: Friday, 30 March 2012 22:54:04 UTC

[Bug 16203] New: Nothing is said about what happens when default-src is omitted.

[Bug 16434] New: Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes)

[Bug 16436] New: Resource processing: shouldn't need to split Origin string on SPACE anymore

[CORS] Review of CORS and WebAppSec prior to LCWD

[webappsec] Agenda for WebAppSec call, today **21:00** UTC

[webappsec] Bay Area F2F

[webappsec] Bay Area F2F, April 11-12

[webappsec] Bay Area F2F, May 2-3 [CORRECTED]

[webappsec] Call for tomorrow, 3/27, CANCELLED

[webappsec] CSP META tag support - keep or remove?

[webappsec] May 2-3 F2F call for objections

[webappsec] Refining CSP header definitions and advice to intermediaries

[webappsec] Registration for F2F

[webappsec] straw man anti-clickjacking proposal

[webappsec] Straw poll: policy-uri in CSP

[webappsec] TPAC 2012 - Lyon, France, Oct 29-Nov2

[webappsec] Updated agenda for 3/13 call

Call for Exclusions (Update): Content Security Policy

CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe?

CSP and cross-frame communication

CSP HTTP header description

New clickjacking threats page

Removing the same(ish) origin restriction on report-uri

Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call

W3C WebAppSec WG Meeting

webappsec-ISSUE-14 (META tag for CSP): Investigate whether to keep the META tag for CSP

XSS through content-sniffing: good case for CSP sandbox directive

[webappsec] Agenda for WebAppSec call, today 21:00 UTC