public-webappsec@w3.org from April 2013 by thread

CSP and innerHTML Ian Melven (Tuesday, 30 April)

ACTION-115: Proposal for handling srcdoc Adam Barth (Tuesday, 30 April)

ACTION-120: Proposal for handling custom elements Adam Barth (Tuesday, 30 April)

ACTION-129: plugin-types inherits into plugin documents Adam Barth (Tuesday, 30 April)

Re: [webappsec] Call for Consensus: CSP 1.1 to FPWD Adam Barth (Tuesday, 30 April)

script-src 'self' https://example.com 'nonce-nc34908WECd8f3' Adam Barth (Saturday, 27 April)

Trimming the SecurityPolicy DOM interface Adam Barth (Saturday, 27 April)

Minor edits to CSP 1.1 Adam Barth (Saturday, 27 April)

CSP within frame constructed with "data:" URI? James Marshall (Saturday, 27 April)

FW: API coordination with TC39 (ECMAscript) Hill, Brad (Friday, 26 April)

webappsec-ISSUE-53 (UI Security model for composited drawing models): UI Security model for composited drawing models [UI Security] Web Application Security Working Group Issue Tracker (Friday, 26 April)

webappsec-ISSUE-52 (unsafe DOM API): unsafe attribute requires every handler to check [UI Security] Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-51: How to handle externally defined <element> with <link rel=import> Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-50: plugin-type directive and media source list for IE CLSID guids [CSP 1.1] Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-49: add http response code to report? [CSP 1.1] Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-48 (base uri): injection of a <base> tag to change effective location of relative resources [CSP 1.1] Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-47: Revisit combinations of header and meta tags [CSP 1.1] Web Application Security Working Group Issue Tracker (Thursday, 25 April)

webappsec-ISSUE-46 (Does nonce make CSP header security-sensitive): Does inclusion of things like nonce make CSP a sensitive header? [CSP 1.1] Web Application Security Working Group Issue Tracker (Thursday, 25 April)

[webappsec] remote participation resources Hill, Brad (Thursday, 25 April)

[webappsec] CSP 1.0 bug? button type=image and img-src Hill, Brad (Tuesday, 23 April)

[webappsec] Friday test jam preparation Hill, Brad (Tuesday, 23 April)

[webappsec] Call today CANCELLED Hill, Brad (Tuesday, 23 April)

[webappsec] Final logistics for F2F April 25-26 Hill, Brad (Monday, 22 April)

Re: CSP 1.0 copy&paste error Adam Barth (Saturday, 20 April)

Column numbers in violation reports. Mike West (Saturday, 20 April)

[webappsec] Proposed agenda for next week's F2F Hill, Brad (Friday, 19 April)

CSP when external script loads another external script? James Marshall (Thursday, 18 April)

CSP, Remote-Only Mode, and Browser Extensions Tom Ritter (Wednesday, 17 April)

CORS Allow header in preflight response Pellerin, Clement (Tuesday, 16 April)

Fwd: [filter-effects][css-masking] Move security model for resources to CSP Anne van Kesteren (Tuesday, 9 April)

Fwd: [filter-effects][css-masking] Move security model for resources to CSP Anne van Kesteren (Tuesday, 9 April)

[webappsec] Tomorrow's teleconference CANCELLED Hill, Brad (Monday, 8 April)

[Bug 21608] New: 7.2 "Resource Sharing Check" does not specify how to handle a space separated list in Access-Control-Allow-Origin bugzilla@jessica.w3.org (Sunday, 7 April)

CSP and `picture` Yoav Weiss (Saturday, 6 April)

[filter-effects][css-masking] Move security model for resources to CSP Dirk Schulze (Friday, 5 April)

[webappsec] Please register for April F2F Hill, Brad (Thursday, 4 April)

Moving our tests to GitHub (same as WebApps) Odin Hørthe Omdal (Thursday, 4 April)

[webapppsec] CfC: UI Security to WD Hill, Brad (Thursday, 4 April)

Please register this week for April 25-26 F2F Wendy Seltzer (Wednesday, 3 April)

Last message date: Tuesday, 30 April 2013 21:01:51 UTC