public-webappsec@w3.org from March 2012: by thread

New clickjacking threats page Peleus Uhley (Friday, 30 March)

CSP HTTP header description Thomas Roessler (Tuesday, 27 March)

Re: CSP HTTP header description Adam Barth (Tuesday, 27 March)

[webappsec] Call for tomorrow, 3/27, CANCELLED Hill, Brad (Tuesday, 27 March)

RE: [webappsec] Call for tomorrow, 3/27, CANCELLED Jacob Rossi (Tuesday, 27 March)

[webappsec] CSP META tag support - keep or remove? Hill, Brad (Monday, 26 March)

Re: [webappsec] CSP META tag support - keep or remove? Adam Barth (Monday, 26 March)
Re: [webappsec] CSP META tag support - keep or remove? Daniel Veditz (Tuesday, 27 March)
- Re: [webappsec] CSP META tag support - keep or remove? Tom Ritter (Tuesday, 27 March)
- Re: [webappsec] CSP META tag support - keep or remove? Adam Barth (Tuesday, 27 March)
  - Re: [webappsec] CSP META tag support - keep or remove? Daniel Veditz (Friday, 30 March)
    - Re: [webappsec] CSP META tag support - keep or remove? Adam Barth (Friday, 30 March)

[webappsec] Refining CSP header definitions and advice to intermediaries Hill, Brad (Monday, 26 March)

CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? sec_ext (Monday, 19 March)

Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? Adam Barth (Monday, 19 March)
- Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? sec_ext (Monday, 19 March)
  - Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? Eduardo' Vela (Tuesday, 20 March)
- RE: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? Carson, Cory (Tuesday, 20 March)
- Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? David Bruant (Tuesday, 20 March)
  - Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? Giorgio Maone (Tuesday, 20 March)

[Bug 16436] New: Resource processing: shouldn't need to split Origin string on SPACE anymore bugzilla@jessica.w3.org (Monday, 19 March)

[Bug 16434] New: Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes) bugzilla@jessica.w3.org (Monday, 19 March)

[webappsec] TPAC 2012 - Lyon, France, Oct 29-Nov2 Hill, Brad (Thursday, 15 March)

[webappsec] Registration for F2F Hill, Brad (Wednesday, 14 March)

RE: [webappsec] Registration for F2F Hill, Brad (Thursday, 29 March)

webappsec-ISSUE-14 (META tag for CSP): Investigate whether to keep the META tag for CSP Web Application Security Working Group Issue Tracker (Tuesday, 13 March)

FW: W3C WebAppSec WG Meeting Hill, Brad (Tuesday, 13 March)

[webappsec] Updated agenda for 3/13 call Hill, Brad (Tuesday, 13 March)

[webappsec] Agenda for WebAppSec call, today 21:00 UTC Hill, Brad (Tuesday, 13 March)

Re: [webappsec] Agenda for WebAppSec call, today **21:00** UTC Arthur Barstow (Tuesday, 13 March)

XSS through content-sniffing: good case for CSP sandbox directive Hill, Brad (Tuesday, 13 March)

Re: XSS through content-sniffing: good case for CSP sandbox directive Adam Barth (Tuesday, 13 March)
- RE: XSS through content-sniffing: good case for CSP sandbox directive Hill, Brad (Tuesday, 13 March)
  - Re: XSS through content-sniffing: good case for CSP sandbox directive Adam Barth (Tuesday, 13 March)

[CORS] Review of CORS and WebAppSec prior to LCWD Arthur Barstow (Wednesday, 7 March)

Re: [CORS] Review of CORS and WebAppSec prior to LCWD Cameron Jones (Wednesday, 7 March)

Re: [webappsec] straw man anti-clickjacking proposal Giorgio Maone (Monday, 5 March)

Re: [webappsec] straw man anti-clickjacking proposal David Lin-Shung Huang (Tuesday, 6 March)

[webappsec] Straw poll: policy-uri in CSP Hill, Brad (Monday, 5 March)

Re: [webappsec] Straw poll: policy-uri in CSP Adam Barth (Monday, 5 March)
- Re: [webappsec] Straw poll: policy-uri in CSP sec_ext (Tuesday, 6 March)
Re: [webappsec] Straw poll: policy-uri in CSP Daniel Veditz (Tuesday, 6 March)
Re: [webappsec] Straw poll: policy-uri in CSP Giorgio Maone (Tuesday, 6 March)

Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Hill, Brad (Monday, 5 March)

Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Thomas Roessler (Monday, 5 March)
- Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Arthur Barstow (Monday, 5 March)
  - RE: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Hill, Brad (Monday, 5 March)
    - Re: Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Arthur Barstow (Monday, 5 March)

[webappsec] May 2-3 F2F call for objections Hill, Brad (Monday, 5 March)

RE: [webappsec] Bay Area F2F, May 2-3 [CORRECTED] Hill, Brad (Monday, 5 March)

[webappsec] Bay Area F2F, April 11-12 Hill, Brad (Monday, 5 March)

Re: [webappsec] Bay Area F2F, April 11-12 Anne van Kesteren (Monday, 5 March)
- Re: [webappsec] Bay Area F2F Arthur Barstow (Monday, 5 March)

[Bug 16203] New: Nothing is said about what happens when default-src is omitted. bugzilla@jessica.w3.org (Friday, 2 March)

Re: CSP and cross-frame communication David Bruant (Thursday, 1 March)

Re: CSP and cross-frame communication Adam Barth (Thursday, 1 March)
- Re: CSP and cross-frame communication David Bruant (Thursday, 1 March)
Re: CSP and cross-frame communication Daniel Veditz (Monday, 5 March)
- Re: CSP and cross-frame communication David Bruant (Monday, 5 March)
  - Re: CSP and cross-frame communication Daniel Veditz (Monday, 5 March)
    - Re: CSP and cross-frame communication David Bruant (Monday, 5 March)

Re: Removing the same(ish) origin restriction on report-uri sec_ext (Wednesday, 29 February)

Call for Exclusions (Update): Content Security Policy Ian Jacobs (Thursday, 1 March)

Last message date: Friday, 30 March 2012 22:54:04 UTC

New clickjacking threats page Peleus Uhley (Friday, 30 March)

CSP HTTP header description Thomas Roessler (Tuesday, 27 March)

[webappsec] Call for tomorrow, 3/27, CANCELLED Hill, Brad (Tuesday, 27 March)

[webappsec] CSP META tag support - keep or remove? Hill, Brad (Monday, 26 March)

[webappsec] Refining CSP header definitions and advice to intermediaries Hill, Brad (Monday, 26 March)

CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? sec_ext (Monday, 19 March)

[Bug 16436] New: Resource processing: shouldn't need to split Origin string on SPACE anymore bugzilla@jessica.w3.org (Monday, 19 March)

[Bug 16434] New: Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes) bugzilla@jessica.w3.org (Monday, 19 March)

[webappsec] TPAC 2012 - Lyon, France, Oct 29-Nov2 Hill, Brad (Thursday, 15 March)

[webappsec] Registration for F2F Hill, Brad (Wednesday, 14 March)

webappsec-ISSUE-14 (META tag for CSP): Investigate whether to keep the META tag for CSP Web Application Security Working Group Issue Tracker (Tuesday, 13 March)

FW: W3C WebAppSec WG Meeting Hill, Brad (Tuesday, 13 March)

[webappsec] Updated agenda for 3/13 call Hill, Brad (Tuesday, 13 March)

[webappsec] Agenda for WebAppSec call, today **21:00** UTC Hill, Brad (Tuesday, 13 March)

XSS through content-sniffing: good case for CSP sandbox directive Hill, Brad (Tuesday, 13 March)

[CORS] Review of CORS and WebAppSec prior to LCWD Arthur Barstow (Wednesday, 7 March)

Re: [webappsec] straw man anti-clickjacking proposal Giorgio Maone (Monday, 5 March)

[webappsec] Straw poll: policy-uri in CSP Hill, Brad (Monday, 5 March)

Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Hill, Brad (Monday, 5 March)

[webappsec] May 2-3 F2F call for objections Hill, Brad (Monday, 5 March)

RE: [webappsec] Bay Area F2F, May 2-3 [CORRECTED] Hill, Brad (Monday, 5 March)

[webappsec] Bay Area F2F, April 11-12 Hill, Brad (Monday, 5 March)

[Bug 16203] New: Nothing is said about what happens when default-src is omitted. bugzilla@jessica.w3.org (Friday, 2 March)

Re: CSP and cross-frame communication David Bruant (Thursday, 1 March)

Re: Removing the same(ish) origin restriction on report-uri sec_ext (Wednesday, 29 February)

Call for Exclusions (Update): Content Security Policy Ian Jacobs (Thursday, 1 March)

[webappsec] Agenda for WebAppSec call, today 21:00 UTC Hill, Brad (Tuesday, 13 March)