- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 8 Nov 2012 12:07:46 -0800
- To: "Hill, Brad" <bhill@paypal-inc.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Nov 8, 2012 at 12:01 PM, Hill, Brad <bhill@paypal-inc.com> wrote:
> As I’m here at the IETF, reviewing the websec’s charter statement and
> framework requirements, I note that one of the goals that drove the
> formation of both our WGs was to reduce fragmentation and duplication of
> security features and make it easier for resource owners to author policy
> through a consolidated, extensible mechanism.
>
> In that spirit, I wonder if another logical directive for CSP 1.1 might be
> to incorporate the features currently provided by “X-XSS-Protection”. It
> eliminates the need for another X- header, and seems like a logical fit.
>
> Would there be any interest in this from implementers who currently manage
> XSS filters in their browser?

Yes.

Adam
Received on Thursday, 8 November 2012 20:08:46 UTC