- From: Hill, Brad <bhill@paypal-inc.com>
- Date: Tue, 27 Nov 2012 22:01:20 +0000
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Tuesday, 27 November 2012 22:01:51 UTC
This is a Call for Consensus among the WebAppSec WG to accept the following draft of CSP 1.1 as a First Public Working draft: https://dvcs.w3.org/hg/content-security-policy/raw-file/48bed86c418d/csp-specification.dev.html CSP 1.1 extends CSP 1.0 and defines several new elements of policy mechanism: * an HTML <meta> Element * Script Interfaces * Directory path Source Expressions * Media Type lists As well as a number of new directives: * form-action * script-nonce * plugin-types * reflected-xss Please send comments to public-webappsec@w3.org<mailto:public-webappsec@w3.org> , positive feedback is encouraged. This CfC will end on December 4, 2012. Thank you, Brad Hill
Received on Tuesday, 27 November 2012 22:01:51 UTC