public-webappsec@w3.org from November 2012 by author

Adam Barth

• Re: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Wednesday, 28 November)
• Re: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Wednesday, 28 November)
• Re: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Tuesday, 27 November)
• Re: [websec] Call for Consensus: CORS to Candidate Recommendation (Wednesday, 21 November)
• Re: [webappsec] subsume X-XSS-Protection into CSP 1.1? (Saturday, 17 November)
• Re: [webappsec] subsume X-XSS-Protection into CSP 1.1? (Tuesday, 13 November)
• Re: [webappsec] subsume X-XSS-Protection into CSP 1.1? (Friday, 9 November)
• Re: [webappsec] subsume X-XSS-Protection into CSP 1.1? (Thursday, 8 November)
• Re: ISSUE-38: Discuss no-mixed-content further as a 1.1 experimental directive (Friday, 2 November)
• Re: Script-nonce policies (Friday, 2 November)
• Re: Script-nonce policies (Friday, 2 November)
• Re: CSP, style-src, and what it means to ignore style attributes (Friday, 2 November)

Alex Russell

• Re: Batching CSP violation reports. (Monday, 5 November)

Arthur Barstow

• Re: [webappsec] ACTION REQUIRED: Call for Consensus on new WebAppSec WG Charter (Thursday, 29 November)
• Re: Call for Consensus: CORS to Candidate Recommendation (Friday, 16 November)
• Re: [webappsec] updated draft SVG: simple CORS request (Wednesday, 7 November)

Boris Zbarsky

• Re: RfR: CORS tests - deadline 6 December (Wednesday, 21 November)

bugzilla@jessica.w3.org

• [Bug 19920] New: Don't allow space-separated origins in the syntax (Friday, 9 November)

Carine Bournez

• Re: Please fix! [Pub request: FPWD of User Interface Safety Directives for CSP] (Tuesday, 20 November)
• Re: Please fix! [Pub request: FPWD of User Interface Safety Directives for CSP] (Tuesday, 20 November)
• Please fix! [Pub request: FPWD of User Interface Safety Directives for CSP] (Monday, 5 November)

Dan Veditz

• Re: Trigger a DOM event/error when a CSP violation happens. (Wednesday, 28 November)
• Re: Trigger a DOM event/error when a CSP violation happens. (Wednesday, 28 November)
• Re: how to protect javascript codes (Monday, 19 November)
• Re: how to protect javascript codes (Saturday, 17 November)
• Re: how to protect javascript codes (Saturday, 17 November)
• Re: ISSUE-38: Discuss no-mixed-content further as a 1.1 experimental directive (Saturday, 3 November)
• Re: ISSUE-38: Discuss no-mixed-content further as a 1.1 experimental directive (Saturday, 3 November)
• Re: Restricting APIs in CSP (Friday, 2 November)
• Re: CSP and inline styles (Friday, 2 November)

David Lin-Shung Huang

• Re: UI Safety Obstruction check and transforms (Wednesday, 28 November)
• Re: UI Safety Obstruction check and transforms (Wednesday, 28 November)

Devdatta Akhawe

• Re: Trigger a DOM event/error when a CSP violation happens. (Tuesday, 27 November)
• Re: Trigger a DOM event/error when a CSP violation happens. (Tuesday, 27 November)

Dirk Schulze

• Security model review CSS Masking (Tuesday, 6 November)

Eduardo' Vela

• Re: Trigger a DOM event/error when a CSP violation happens. (Thursday, 22 November)

Eric Chen

• Re: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Wednesday, 28 November)

Eric Rescorla

• Restricting APIs in CSP (Friday, 2 November)

Fred Andrews

• RE: UI Safety Obstruction check and transforms (Wednesday, 28 November)
• RE: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Tuesday, 27 November)
• UI Safety Obstruction check and transforms (Wednesday, 21 November)
• RE: ISSUE-25: Do frame-options directives (or other UISafety directives) make sense in a meta tag context? (Sunday, 11 November)
• RE: ISSUE-30: How to address dynamic application of CSP post page load / partial page load via META or script interface (Monday, 5 November)
• RE: ISSUE-28: What specific attacks are prevented by OS screenshots, should this be recommended against generally? (Monday, 5 November)
• RE: ISSUE-26: Does the sandbox directive make sense in a meta tag context? (Monday, 5 November)
• RE: ISSUE-25: Do frame-options directives (or other UISafety directives) make sense in a meta tag context? (Sunday, 4 November)

Hill, Brad

• RE: [webappsec] ACTION REQUIRED: Call for Consensus on new WebAppSec WG Charter (Thursday, 29 November)
• [webappsec] ACTION REQUIRED: Call for Consensus on new WebAppSec WG Charter (Tuesday, 27 November)
• [webappsec] Call for Consensus: CSP 1.1 to FPWD (Tuesday, 27 November)
• [webappsec] Teleconference Poll: time unchanged (Wednesday, 21 November)
• RE: A11y for Web App Sec Anti clickjacking spec (Wednesday, 21 November)
• RE: CORS test status (Wednesday, 21 November)
• [webappsec] New draft charter for discussion (Tuesday, 20 November)
• [webappsec] Agenda for Teleconference of Nov 20, 2012 (Tuesday, 20 November)
• RE: Please fix! [Pub request: FPWD of User Interface Safety Directives for CSP] (Tuesday, 20 November)
• [webappsec] TPAC chatlog cleanup (Monday, 19 November)
• RE: how to protect javascript codes (Saturday, 17 November)
• Call for Consensus: CORS to Candidate Recommendation (Thursday, 15 November)
• [webappsec] PLEASE RESPOND: poll for new teleconference time (Thursday, 15 November)
• RE: [webappsec] subsume X-XSS-Protection into CSP 1.1? (Thursday, 8 November)
• [webappsec] subsume X-XSS-Protection into CSP 1.1? (Thursday, 8 November)
• RE: [webappsec] updated draft SVG: simple CORS request (Wednesday, 7 November)
• [webappsec] Reminder, today's call is CANCELLED (Tuesday, 6 November)
• RE: Batching CSP violation reports. (Monday, 5 November)
• [webappsec] call for reportURIs DOM API use cases (Monday, 5 November)
• [webappsec] Remote participation in IETF websec meeting (Monday, 5 November)
• Re: Please fix! [Pub request: FPWD of User Interface Safety Directives for CSP] (Monday, 5 November)
• RE: Please fix! [Pub request: FPWD of User Interface Safety Directives for CSP] (Monday, 5 November)
• RE: ISSUE-28: What specific attacks are prevented by OS screenshots, should this be recommended against generally? (Monday, 5 November)
• RE: ISSUE-28: What specific attacks are prevented by OS screenshots, should this be recommended against generally? (Monday, 5 November)
• RE: Script-nonce policies (Sunday, 4 November)
• TPAC meeting adjourned (Friday, 2 November)
• updated test VM link (Thursday, 1 November)
• Running a few min late (Thursday, 1 November)
• TPAC schedule clarification (Thursday, 1 November)

Ian Jacobs

• Call for Exclusions: User Interface Safety Directives for Content Security Policy (Tuesday, 20 November)

Ian Melven

• Re: Restricting APIs in CSP (Tuesday, 20 November)
• Re: Batching CSP violation reports. (Monday, 5 November)
• Re: ISSUE-38: Discuss no-mixed-content further as a 1.1 experimental directive (Friday, 2 November)

Jacob Rossi

• RE: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Thursday, 29 November)
• RE: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Wednesday, 28 November)
• RE: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Wednesday, 28 November)
• RE: Batching CSP violation reports. (Monday, 5 November)

Joel Howard Willis Weinberger

• Re: Script-nonce policies (Friday, 2 November)

Karl Dubost

• Re: RfR: CORS tests - deadline 6 December (Thursday, 22 November)

L. David Baron

• Re: CSP and inline styles (Friday, 2 November)
• CSP, style-src, and what it means to ignore style attributes (Friday, 2 November)

Léonie Watson

• A11y for Web App Sec Anti clickjacking spec (Sunday, 18 November)

Mike West

• Re: Trigger a DOM event/error when a CSP violation happens. (Thursday, 29 November)
• Re: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Thursday, 29 November)
• Re: Trigger a DOM event/error when a CSP violation happens. (Tuesday, 27 November)
• Re: Trigger a DOM event/error when a CSP violation happens. (Thursday, 22 November)
• Re: Trigger a DOM event/error when a CSP violation happens. (Thursday, 22 November)
• Re: [webappsec] subsume X-XSS-Protection into CSP 1.1? (Saturday, 17 November)
• Re: [webappsec] subsume X-XSS-Protection into CSP 1.1? (Saturday, 17 November)
• Re: [webappsec] subsume X-XSS-Protection into CSP 1.1? (Monday, 12 November)
• Re: [webappsec] updated draft SVG: simple CORS request (Wednesday, 7 November)
• Re: Batching CSP violation reports. (Monday, 5 November)
• Batching CSP violation reports. (Monday, 5 November)

Mountie Lee

• Re: UI Safety Obstruction check and transforms (Wednesday, 28 November)
• Re: how to protect javascript codes (Monday, 19 November)
• Re: how to protect javascript codes (Saturday, 17 November)
• Re: how to protect javascript codes (Saturday, 17 November)
• how to protect javascript codes (Saturday, 17 November)

neil matatall

• Re: [webappsec] subsume X-XSS-Protection into CSP 1.1? (Thursday, 8 November)

Odin Hørthe Omdal

• RfR: CORS tests - deadline 6 December (Wednesday, 21 November)
• Re: CORS test status (Wednesday, 21 November)
• Re: Call for Consensus: CORS to Candidate Recommendation (Friday, 16 November)

Robin Berjon

• Re: Please fix! [Pub request: FPWD of User Interface Safety Directives for CSP] (Tuesday, 20 November)

Thomas Roessler

• Re: Please fix! [Pub request: FPWD of User Interface Safety Directives for CSP] (Monday, 5 November)

Web Application Security Working Group Issue Tracker

• webappsec-ISSUE-40 (X-XSS-Protection): Look at incorporating X-XSS-Protection functionality into CSP 1.1 (Thursday, 8 November)
• ISSUE-39: Discuss CSP relevant use cases for possibly including Meta Referrer as a CSP directive (Friday, 2 November)
• ISSUE-38: Discuss no-mixed-content further as a 1.1 experimental directive (Friday, 2 November)
• ISSUE-37: How to apply plugin-types in CSP 1.1 to iframes (Friday, 2 November)
• ISSUE-36: Are we interested in considering script-hash as a CSP 1.1 directive? (Friday, 2 November)
• ISSUE-35: Should we add an "httpOnly" like directive to CSP to indicate that the state of this policy is not available to the script APIs? (Friday, 2 November)
• ISSUE-34: Discuss use cases / risks of script access to CSP information, solicit specific public comment on this feature with FPWD (Friday, 2 November)
• ISSUE-33: Need to address blob, data, filesystem URL types with greater specificity in CSP 1.1 spec (Friday, 2 November)
• ISSUE-32: Do we specify that path-specificity applies only to hierarchical URI schemes? (Friday, 2 November)
• ISSUE-31: What specification's definition of URL/URI are we using for path parsing in CSP 1.1? (Friday, 2 November)
• ISSUE-30: How to address dynamic application of CSP post page load / partial page load via META or script interface (Friday, 2 November)
• ISSUE-29: What are sane defaults for clipping with clipping or selectors? (Thursday, 1 November)
• ISSUE-28: What specific attacks are prevented by OS screenshots, should this be recommended against generally? (Thursday, 1 November)
• ISSUE-27: Implementation concern on how to enforce display-time : should we provide more advice on how to do this efficiently? (Thursday, 1 November)
• ISSUE-26: Does the sandbox directive make sense in a meta tag context? (Thursday, 1 November)
• ISSUE-25: Do frame-options directives (or other UISafety directives) make sense in a meta tag context? (Thursday, 1 November)
• ISSUE-24: (); (Thursday, 1 November)
• ISSUE-23: Are there cases of synthetic UIEvents where it would be useful to set the unsafe attribute even if the policy is block so event is not delivered (Thursday, 1 November)
• ISSUE-22: Are there cases of synthetic UIEvents where it would be useful to set the unsafe attribute even if the policy is block (so event is not delivered) (Thursday, 1 November)
• ISSUE-21: Do assistive technologies send real events or synthetic events? (Thursday, 1 November)
• ISSUE-20: If browsers apply this heuristic without an explicit opt-in policy, should we always block and not have the unsafe UIEvent property (Thursday, 1 November)

Last message date: Thursday, 29 November 2012 20:17:59 UTC