[webappsec] Call for Consensus: CSP 1.1 to FPWD from Hill, Brad on 2012-11-27 (public-webappsec@w3.org from November 2012)

From: Hill, Brad <bhill@paypal-inc.com>
Date: Tue, 27 Nov 2012 22:01:20 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E2F5841@DEN-EXDDA-S12.corp.ebay.com>

This is a Call for Consensus among the WebAppSec WG to accept the following draft of CSP 1.1 as a First Public Working draft:

https://dvcs.w3.org/hg/content-security-policy/raw-file/48bed86c418d/csp-specification.dev.html

CSP 1.1 extends CSP 1.0 and defines several new elements of policy mechanism:

* an HTML <meta> Element
* Script Interfaces
* Directory path Source Expressions
* Media Type lists

As well as a number of new directives:

* form-action
* script-nonce
* plugin-types
* reflected-xss

Please send comments to public-webappsec@w3.org<mailto:public-webappsec@w3.org> , positive feedback is encouraged.

This CfC will end on December 4, 2012.

Thank you,

Brad Hill

Received on Tuesday, 27 November 2012 22:01:51 UTC