public-webappsec@w3.org from April 2013 by subject

[Bug 21608] New: 7.2 "Resource Sharing Check" does not specify how to handle a space separated list in Access-Control-Allow-Origin

• bugzilla@jessica.w3.org (Sunday, 7 April)

[filter-effects][css-masking] Move security model for resources to CSP

• Dirk Schulze (Thursday, 11 April)
• Anne van Kesteren (Thursday, 11 April)
• Dirk Schulze (Wednesday, 10 April)
• Robert O'Callahan (Wednesday, 10 April)
• Anne van Kesteren (Wednesday, 10 April)
• Robert O'Callahan (Wednesday, 10 April)
• Daniel Holbert (Tuesday, 9 April)
• Dirk Schulze (Tuesday, 9 April)
• Anne van Kesteren (Tuesday, 9 April)
• Dirk Schulze (Tuesday, 9 April)
• Robert O'Callahan (Tuesday, 9 April)
• Robert O'Callahan (Tuesday, 9 April)
• Anne van Kesteren (Tuesday, 9 April)
• Robert O'Callahan (Tuesday, 9 April)
• Anne van Kesteren (Tuesday, 9 April)
• Bjoern Hoehrmann (Tuesday, 9 April)
• Anne van Kesteren (Monday, 8 April)
• Dirk Schulze (Monday, 8 April)
• Anne van Kesteren (Monday, 8 April)
• Dirk Schulze (Monday, 8 April)
• Anne van Kesteren (Monday, 8 April)
• Dirk Schulze (Monday, 8 April)
• Anne van Kesteren (Monday, 8 April)
• Bjoern Hoehrmann (Saturday, 6 April)
• Anne van Kesteren (Saturday, 6 April)
• Dirk Schulze (Saturday, 6 April)
• Anne van Kesteren (Saturday, 6 April)
• Dirk Schulze (Friday, 5 April)
• Anne van Kesteren (Friday, 5 April)
• Anne van Kesteren (Friday, 5 April)
• Dirk Schulze (Friday, 5 April)
• Mike West (Friday, 5 April)
• Anne van Kesteren (Friday, 5 April)
• Dirk Schulze (Friday, 5 April)

[webapppsec] CfC: UI Security to WD

• Mike West (Thursday, 4 April)
• Hill, Brad (Thursday, 4 April)

[webappsec] Call for Consensus: CSP 1.1 to FPWD

• Adam Barth (Tuesday, 30 April)
• Hill, Brad (Tuesday, 30 April)
• Adam Barth (Tuesday, 30 April)

[webappsec] Call today CANCELLED

• Hill, Brad (Tuesday, 23 April)

[webappsec] CSP 1.0 bug? button type=image and img-src

• Adam Barth (Wednesday, 24 April)
• Yoav Weiss (Wednesday, 24 April)
• Anne van Kesteren (Wednesday, 24 April)
• Adam Barth (Tuesday, 23 April)
• Hill, Brad (Tuesday, 23 April)
• Hill, Brad (Tuesday, 23 April)

[webappsec] Final logistics for F2F April 25-26

• Hill, Brad (Tuesday, 23 April)
• Hill, Brad (Monday, 22 April)

[webappsec] Friday test jam preparation

• Erlend Oftedal (Tuesday, 23 April)
• Hill, Brad (Tuesday, 23 April)

[webappsec] Please register for April F2F

• Hill, Brad (Thursday, 4 April)

[webappsec] Proposed agenda for next week's F2F

• Hill, Brad (Friday, 19 April)

[webappsec] remote participation resources

• Hill, Brad (Thursday, 25 April)

[webappsec] Tomorrow's teleconference CANCELLED

• Hill, Brad (Monday, 8 April)

ACTION-115: Proposal for handling srcdoc

• Devdatta Akhawe (Tuesday, 30 April)
• Adam Barth (Tuesday, 30 April)
• Devdatta Akhawe (Tuesday, 30 April)
• Adam Barth (Tuesday, 30 April)

ACTION-120: Proposal for handling custom elements

• Adam Barth (Tuesday, 30 April)

ACTION-129: plugin-types inherits into plugin documents

• Adam Barth (Tuesday, 30 April)

API coordination with TC39 (ECMAscript)

• Hill, Brad (Friday, 26 April)

Column numbers in violation reports.

• Eduardo' Vela (Sunday, 21 April)
• Adam Barth (Saturday, 20 April)
• Mike West (Saturday, 20 April)

CORS Allow header in preflight response

• Anne van Kesteren (Monday, 22 April)
• Bjoern Hoehrmann (Tuesday, 16 April)
• Pellerin, Clement (Tuesday, 16 April)
• Anne van Kesteren (Tuesday, 16 April)
• Pellerin, Clement (Tuesday, 16 April)

CSP 1.0 copy&paste error

• Adam Barth (Saturday, 20 April)

CSP and `picture`

• Daniel Veditz (Thursday, 25 April)
• Adam Barth (Saturday, 20 April)
• Frederik Braun (Monday, 8 April)
• Yoav Weiss (Saturday, 6 April)

CSP and innerHTML

• Eduardo' Vela (Tuesday, 30 April)
• Hill, Brad (Tuesday, 30 April)
• Eduardo' Vela (Tuesday, 30 April)
• Carson, Cory (Tuesday, 30 April)
• Hill, Brad (Tuesday, 30 April)
• Ian Melven (Tuesday, 30 April)

CSP when external script loads another external script?

• Anne van Kesteren (Friday, 19 April)
• James Marshall (Thursday, 18 April)

CSP within frame constructed with "data:" URI?

• James Marshall (Saturday, 27 April)
• Adam Barth (Saturday, 27 April)
• James Marshall (Saturday, 27 April)

CSP, Remote-Only Mode, and Browser Extensions

• Hill, Brad (Wednesday, 17 April)
• Tom Ritter (Wednesday, 17 April)

Fwd: [filter-effects][css-masking] Move security model for resources to CSP

• Anne van Kesteren (Tuesday, 9 April)
• Anne van Kesteren (Tuesday, 9 April)

Minor edits to CSP 1.1

• Adam Barth (Saturday, 27 April)

Moving our tests to GitHub (same as WebApps)

• Hill, Brad (Thursday, 4 April)
• Odin Hørthe Omdal (Thursday, 4 April)

Please register this week for April 25-26 F2F

• Wendy Seltzer (Wednesday, 3 April)

Regrets (Re: [webappsec] remote participation resources)

• Giorgio Maone (Friday, 26 April)

script-src 'self' https://example.com 'nonce-nc34908WECd8f3'

• Adam Barth (Saturday, 27 April)

Trimming the SecurityPolicy DOM interface

• Eduardo' Vela (Monday, 29 April)
• Ian Melven (Monday, 29 April)
• Eduardo' Vela (Saturday, 27 April)
• Eduardo' Vela (Saturday, 27 April)
• Adam Barth (Saturday, 27 April)
• Devdatta Akhawe (Saturday, 27 April)
• Alex Russell (Saturday, 27 April)
• Adam Barth (Saturday, 27 April)

webappsec-ISSUE-46 (Does nonce make CSP header security-sensitive): Does inclusion of things like nonce make CSP a sensitive header? [CSP 1.1]

• Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-47: Revisit combinations of header and meta tags [CSP 1.1]

• Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-48 (base uri): injection of a <base> tag to change effective location of relative resources [CSP 1.1]

• Adam Barth (Saturday, 27 April)
• Anne van Kesteren (Friday, 26 April)
• Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-49: add http response code to report? [CSP 1.1]

• Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-50: plugin-type directive and media source list for IE CLSID guids [CSP 1.1]

• Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-51: How to handle externally defined <element> with <link rel=import>

• Hill, Brad (Sunday, 28 April)
• Dimitri Glazkov (Saturday, 27 April)
• Adam Barth (Saturday, 27 April)
• Dimitri Glazkov (Saturday, 27 April)
• Adam Barth (Saturday, 27 April)
• Anne van Kesteren (Thursday, 25 April)
• Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-52 (unsafe DOM API): unsafe attribute requires every handler to check [UI Security]

• Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-53 (UI Security model for composited drawing models): UI Security model for composited drawing models [UI Security]

• Web Application Security Working Group Issue Tracker (Friday, 26 April)

Last message date: Tuesday, 30 April 2013 21:01:51 UTC