public-webappsec@w3.org from September 2012 by author

=JeffH

Re: some further Comments on Content Security Policy 1.0 Editor's Draft (Tuesday, 11 September)

Adam Barth

Re: CSP connect-src and browser plugins (Sunday, 23 September)
Re: unsafe-inline for style-src (Thursday, 20 September)
Re: unsafe-inline for style-src (Thursday, 20 September)
Re: unsafe-inline for style-src (Thursday, 20 September)
Re: unsafe-inline for style-src (Thursday, 20 September)
Re: CSP Sandbox directive and meta tag - CSP 1.1 (Wednesday, 19 September)
Re: unsafe-inline for style-src (Wednesday, 19 September)
Re: CSP 1.0: relaxing mandated enforcing and monitoring to avoid probing and to avoid content being written to depend on CSP. (Thursday, 13 September)
Re: ISSUE-6 comments addressed (Thursday, 13 September)
Re: some further Comments on Content Security Policy 1.0 Editor's Draft (Thursday, 13 September)
ISSUE-6 comments addressed (Thursday, 13 September)
Re: script-tag with html template-content (Monday, 10 September)
Re: Interaction of CSP and IRIs (Friday, 7 September)
Re: Interaction of CSP and IRIs (Thursday, 6 September)
Re: Call for Consensus: Content Security Policy 1.0 to Candidate Recommendation (Thursday, 6 September)
Re: some further Comments on Content Security Policy 1.0 Editor's Draft (Monday, 3 September)

Bjoern Hoehrmann

Re: unsafe-inline for style-src (Thursday, 27 September)

Boris Zbarsky

Re: CORS test status (Saturday, 29 September)
Re: CORS test status (Tuesday, 25 September)
Re: CORS test status (Tuesday, 25 September)
Re: CORS test status (Tuesday, 25 September)
Re: unsafe-inline for style-src (Thursday, 20 September)
Re: unsafe-inline for style-src (Thursday, 20 September)
Re: unsafe-inline for style-src (Thursday, 20 September)
Re: unsafe-inline for style-src (Thursday, 20 September)
Re: unsafe-inline for style-src (Thursday, 20 September)
Re: unsafe-inline for style-src (Wednesday, 19 September)
Re: Interaction of CSP and IRIs (Friday, 7 September)
Re: Interaction of CSP and IRIs (Friday, 7 September)
Interaction of CSP and IRIs (Thursday, 6 September)

Brad Hill

Regrets for today's call. (Tuesday, 25 September)

Dan Veditz

Re: CSP connect-src and browser plugins (Sunday, 23 September)

David Lin-Shung Huang

Re: New clickjacking research published (Tuesday, 11 September)

Devdatta Akhawe

Re: CSP Sandbox directive and meta tag - CSP 1.1 (Wednesday, 19 September)

Eric Rescorla

Agenda for September 25 Call (Tuesday, 25 September)

Erlend Oftedal

CSP connect-src and browser plugins (Sunday, 23 September)
RE: CSP Sandbox directive and meta tag - CSP 1.1 (Wednesday, 19 September)
RE: CSP 1.0: relaxing mandated enforcing and monitoring to avoid (Friday, 14 September)
RE: CSP 1.0: relaxing mandated enforcing and monitoring to avoid (Friday, 14 September)
RE: CSP 1.0 browser compliance testing (Thursday, 13 September)
RE: script-tag with html template-content (Monday, 10 September)
RE: script-tag with html template-content (Monday, 10 September)
CSP 1.0 browser compliance testing (Friday, 7 September)

Fred Andrews

RE: CSP 1.0: relaxing mandated enforcing and monitoring to avoid (Sunday, 16 September)
RE: CSP 1.0: relaxing mandated enforcing and monitoring to avoid probing and to avoid content being written to depend on CSP. (Sunday, 16 September)
RE: CSP 1.0: relaxing mandated enforcing and monitoring to avoid (Friday, 14 September)
RE: CSP 1.0: relaxing mandated enforcing and monitoring to avoid probing and to avoid content being written to depend on CSP. (Friday, 14 September)
CSP 1.0: relaxing mandated enforcing and monitoring to avoid probing and to avoid content being written to depend on CSP. (Thursday, 13 September)
UI Safety - input protection obstruction check challenges (Wednesday, 12 September)
RE: New clickjacking research published (Tuesday, 11 September)
RE: New clickjacking research published (Tuesday, 11 September)
Re: New clickjacking research published (Tuesday, 11 September)
Feedback on the Content Security Policy 1.0 (Monday, 10 September)

GALINDO Virginie

Web Crypto WG - Web Crypto API going to FPWD (Monday, 17 September)

Giorgio Maone

Re: unsafe-inline for style-src (Thursday, 20 September)
Re: UI Safety - input protection obstruction check challenges (Wednesday, 12 September)

gopal.raghavan@nokia.com

CORS test status (Tuesday, 25 September)

Hill, Brad

RE: test (Tuesday, 25 September)
RE: Agenda for September 25 Call (Tuesday, 25 September)
CfC: FPWD of UI Safety Directives for CSP (Tuesday, 25 September)
RE: unsafe-inline for style-src (Thursday, 20 September)
RE: CSP 1.0: relaxing mandated enforcing and monitoring to avoid (Monday, 17 September)
[webappsec] "certificates differ" text in CORS (Friday, 14 September)
RE: CSP 1.0: relaxing mandated enforcing and monitoring to avoid (Friday, 14 September)
RE: New clickjacking research published (Wednesday, 12 September)
[webappsec] Agenda for today's WebAppSec WG call (Tuesday, 11 September)
RE: New clickjacking research published (Tuesday, 11 September)
RE: [webappsec] Major update to UI Safety (Tuesday, 11 September)
[webappsec] Major update to UI Safety (Tuesday, 11 September)
[webappsec] Call for Consensus: Content Security Policy 1.0 to Candidate Recommendation (Tuesday, 4 September)

Hodges, Jeff

test (Tuesday, 25 September)

Jacob Rossi

Regrets 9/25 (Tuesday, 25 September)
RE: CSP Sandbox directive and meta tag - CSP 1.1 (Wednesday, 19 September)
RE: CSP Sandbox directive and meta tag - CSP 1.1 (Wednesday, 19 September)
RE: [webappsec] Major update to UI Safety (Tuesday, 11 September)

Kris Krueger

RE: test (Tuesday, 25 September)

Mike West

Re: [CSP] Extensions and user script? (Some feedback) (Tuesday, 25 September)
Re: CSP 1.1: Paths in source list definitions. (Tuesday, 25 September)
Re: CSP 1.1: Paths in source list definitions. (Sunday, 23 September)
Re: unsafe-inline for style-src (Thursday, 20 September)
Re: unsafe-inline for style-src (Tuesday, 18 September)
Re: CSP 1.0: relaxing mandated enforcing and monitoring to avoid probing and to avoid content being written to depend on CSP. (Monday, 17 September)
Re: CSP 1.0 browser compliance testing (Friday, 14 September)
Re: CSP 1.0: relaxing mandated enforcing and monitoring to avoid probing and to avoid content being written to depend on CSP. (Friday, 14 September)
Re: ISSUE-6 comments addressed (Thursday, 13 September)
CSP 1.1: Paths in source list definitions. (Monday, 3 September)
Re: some further Comments on Content Security Policy 1.0 Editor's Draft (Monday, 3 September)

Odin Hørthe Omdal

Re: CORS test status (Tuesday, 25 September)
Re: [CSP] Extensions and user script? (Some feedback) (Tuesday, 25 September)
Re: CSP 1.1: Paths in source list definitions. (Tuesday, 25 September)
Re: CSP 1.0 browser compliance testing (Monday, 10 September)

Oscar Finnsson

script-tag with html template-content (Monday, 10 September)

Tanvi Vyas

Re: CSP 1.1: Paths in source list definitions. (Tuesday, 25 September)
CSP Sandbox directive and meta tag - CSP 1.1 (Tuesday, 18 September)
unsafe-inline for style-src (Tuesday, 18 September)
Re: [webappsec] Call for Consensus: Content Security Policy 1.0 to Candidate Recommendation (Friday, 7 September)

Toni Ruottu

Re: CORS test status (Tuesday, 25 September)
Re: CORS test status (Tuesday, 25 September)

Web Application Security Working Group Issue Tracker

webappsec-ISSUE-19 (Interaction of CSP and IRIs): How are non-ASCII characters handled in CSP (Tuesday, 11 September)
webappsec-ISSUE-18 (CSP as risk assessment score): Use CSP to report app risk and compatibility with user specified restrictions (Tuesday, 11 September)
webappsec-ISSUE-17 (Extension compat): CSP should take into account extensions which modify content (Tuesday, 11 September)
webappsec-ISSUE-16 (CSP informs client, cannot restrict it): Editorial: CSP cannot dictate client behavior, only inform it (Tuesday, 11 September)

Last message date: Saturday, 29 September 2012 04:06:06 UTC