
Re: [webappsec] subsume X-XSS-Protection into CSP 1.1?

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 8 Nov 2012 12:07:46 -0800
Message-ID: <CAJE5ia-80d7GWS+rnBQAsnHi=1xzPfMc_r6pgK8qRYC4obpaLg@mail.gmail.com>
To: "Hill, Brad" <bhill@paypal-inc.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

On Thu, Nov 8, 2012 at 12:01 PM, Hill, Brad <bhill@paypal-inc.com> wrote:
> As I’m here at the IETF, reviewing the websec’s charter statement and
> framework requirements, I note that one of the goals that drove the
> formation of both our WGs was to reduce fragmentation and duplication of
> security features and make it easier for resource owners to author policy
> through a consolidated, extensible mechanism.
> In that spirit, I wonder if another logical directive for CSP 1.1 might be
> to incorporate the features currently provided by “X-XSS-Protection”.  It
> eliminates the need for another X- header, and seems like a logical fit.
> Would there be any interest in this from implementers who currently manage
> XSS filters in their browser?


Received on Thursday, 8 November 2012 20:08:46 UTC
