=JeffH
Adam Barth
- Re: Restricting <base> URLS via CSP
- Re: No scheme in policy: Errors for either scheme
- Re: ISSUE-32: Do we specify that path-specificity applies only to hierarchical URI schemes?
- Re: [webappsec] Handling custom elements in CSP
Alex Russell
Ben Wilson
Bjoern Hoehrmann
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- Re: Action-92: Propose spec text to resolve ISSUE-32
- Re: Blank blocked-uris
Boris Zbarsky
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
Bryan McQuade
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
bugzilla@jessica.w3.org
Daniel Veditz
- Action-92: Propose spec text to resolve ISSUE-32
- Re: Do we need Connectors between javascript and security software at personal device?
- Re: No scheme in policy: Errors for either scheme
- Re: ISSUE-38: Discuss no-mixed-content directive
David Ross
Devdatta Akhawe
Eric Chen
Eric Rescorla
Giorgio Maone
Hill, Brad
- [webappsec] March 12 teleconference CANCELLED due to conflict with IETF
- [webappsec] minutes available
- RE: Feedback on UI Safety draft
- RE: Agenda for Feb 26 Call
- RE: Why no fragment part in CSP-report document-uri?
- RE: CSP script hashes
- [webappsec] WG satisfaction survey
- [webappsec] UI Security, allow-from values
- RE: CSP script hashes
- [webappsec] Agenda for 12-Feb-2013 WebAppSec Teleconference
- RE: CSP script hashes
- RE: Blank blocked-uris
- [webappsec] Handling custom elements in CSP
Ian Jacobs
Ian Melven
Jacob Hoffman-Andrews
John Wilander
- Re: Why no fragment part in CSP-report document-uri?
- Why no fragment part in CSP-report document-uri?
Mike West
Mountie Lee
- Re: ISSUE-44: Same-origin policy identity query via script-hash. issue is you do a third party inline script with a known script-hash. if it succeeds, you know that the target was as expected, even though you can't read it
- Do we need Connectors between javascript and security software at personal device?
- Re: CSP script hashes
- Re: CSP script hashes
Neil Matatall
- Re: No scheme in policy: Errors for either scheme
- Re: No scheme in policy: Errors for either scheme
- No scheme in policy: Errors for either scheme
- Re: ISSUE-38: Discuss no-mixed-content directive
- Re: Blank blocked-uris
- RE: ISSUE-38: Discuss no-mixed-content directive
- Blank blocked-uris
Nicholas Green
- Proposal for script-hash directive in CSP 1.1
- W3C account
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- CSP script hashes
Odin Hørthe Omdal
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
Pellerin, Clement
Web Application Security Working Group Issue Tracker
- ISSUE-44: Same-origin policy identity query via script-hash. issue is you do a third party inline script with a known script-hash. if it succeeds, you know that the target was as expected, even though you can't read it
- webappsec-ISSUE-43 (Custom Elements in CSP 1.1): How are custom elements handled in CSP 1.1? [CSP 1.1]
- webappsec-ISSUE-42 (CSS Nonce): Script-nonce allows inline script, similar treatment for inline css?