public-webappsec@w3.org from March 2013 by author

Adam Barth

• Re: ISSUE-38: Discuss no-mixed-content directive (Wednesday, 6 March)
• Re: Blank blocked-uris (Wednesday, 6 March)
• Re: [webappsec] Proposed text for jsonp directives (Wednesday, 6 March)

Alex Russell

• Re: Restricting <base> URLS via CSP (Thursday, 28 March)
• Re: Restricting <base> URLS via CSP (Tuesday, 26 March)
• Re: Restricting <base> URLS via CSP (Friday, 1 March)

Anne van Kesteren

• Re: CSP: set of report URIs (Thursday, 28 March)
• Re: Include page http response code in CSP reports? (Wednesday, 27 March)
• Re: Include page http response code in CSP reports? (Tuesday, 26 March)
• Re: [webappsec] new draft of UI Security available (Tuesday, 26 March)
• Re: [webappsec] new draft of UI Security available (Monday, 25 March)
• Fwd: minor typo in CORS spec section 6.2? (Monday, 25 March)
• Re: CSP: set of report URIs (Saturday, 23 March)
• Re: SecurityPolicyViolation DOM events. (Saturday, 23 March)
• Re: CSP: set of report URIs (Wednesday, 20 March)
• Re: SecurityPolicyViolation DOM events. (Wednesday, 20 March)
• Re: CSP: set of report URIs (Tuesday, 19 March)
• Re: CSP: set of report URIs (Tuesday, 19 March)
• CSP: set of report URIs (Tuesday, 19 March)
• Re: SecurityPolicyViolation DOM events. (Tuesday, 19 March)
• Re: CSP: error handling (Monday, 18 March)
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Tuesday, 12 March)
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Tuesday, 12 March)
• Re: URLs (Tuesday, 12 March)
• CSP: URLs (Tuesday, 12 March)
• CSP: error handling (Tuesday, 12 March)

Arthur Barstow

• Re: security model of Web Components, etc. - joint work with WebAppSec? (Friday, 15 March)
• Re: security model of Web Components, etc. - joint work with WebAppSec? (Saturday, 9 March)

Ben Wilson

• Certificate Revocation in Java (Wednesday, 6 March)

Bjoern Hoehrmann

• Re: CORS and wildcards. (Wednesday, 27 March)
• CSP 1.0: Lax and strict CSS parsing rules (Friday, 1 March)
• Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented (Friday, 1 March)

Charles McCathie Nevile

• Re: security model of Web Components, etc. - joint work with WebAppSec? (Friday, 15 March)

Daniel Veditz

• Re: CSP: set of report URIs (Tuesday, 19 March)
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Wednesday, 13 March)
• Re: Canonical paths (Friday, 8 March)
• Re: ISSUE-38: Discuss no-mixed-content directive (Wednesday, 6 March)

David Bruant

• Re: About script-nonce (Tuesday, 19 March)
• About script-nonce (Tuesday, 5 March)

David Ross

• RE: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Tuesday, 12 March)

Devdatta Akhawe

• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Monday, 18 March)

Dimitri Glazkov

• Re: security model of Web Components, etc. - joint work with WebAppSec? (Thursday, 14 March)
• Re: security model of Web Components, etc. - joint work with WebAppSec? (Monday, 11 March)

Eduardo' Vela

• Re: CSP: set of report URIs (Thursday, 28 March)

Hill, Brad

• RE: CSP: set of report URIs (Thursday, 28 March)
• [webappsec] Minutes from 26-Feb teleconference available (Monday, 25 March)
• RE: [webappsec] new draft of UI Security available (Monday, 25 March)
• [webappsec] Agenda for 25-March-2013 Teleconference (Monday, 25 March)
• [webappsec] new draft of UI Security available (Monday, 25 March)
• [webappsec] FW: security model of Web Components, etc. - joint work with WebAppSec? (Monday, 18 March)
• RE: Nonces/hashes in source expressions. (Monday, 18 March)
• RE: Nonces/hashes in source expressions. (Monday, 18 March)
• RE: Nonces/hashes in source expressions. (Monday, 18 March)
• RE: Nonces/hashes in source expressions. (Monday, 18 March)
• RE: Nonces/hashes in source expressions. (Monday, 18 March)
• RE: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Monday, 18 March)
• RE: Nonces/hashes in source expressions. (Monday, 18 March)
• Re: CSP: error handling (Monday, 18 March)
• RE: security model of Web Components, etc. - joint work with WebAppSec? (Thursday, 14 March)
• RE: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Tuesday, 12 March)
• RE: URLs (Tuesday, 12 March)
• [webappsec] Joel Weinberger's thesis on Analysis and Enforcement of Web Application Security Policies (Monday, 11 March)
• security model of Web Components, etc. - joint work with WebAppSec? (Friday, 8 March)
• [webappsec] updated test VM available (Friday, 8 March)
• [webappsec] WG survey results (Wednesday, 6 March)
• RE: Certificate Revocation in Java (Wednesday, 6 March)
• RE: [webappsec] Proposed text for jsonp directives (Wednesday, 6 March)
• [webappsec] new draft of UI Security available (Tuesday, 5 March)

Ian Melven

• Re: Restricting <base> URLS via CSP (Tuesday, 26 March)
• Re: Restricting <base> URLS via CSP (Tuesday, 26 March)
• Re: "form-action" status. (Wednesday, 20 March)
• Re: CSP: set of report URIs (Tuesday, 19 March)
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Monday, 18 March)
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Monday, 11 March)
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Saturday, 9 March)
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Saturday, 9 March)

Janusz Majnert

• Re: CSP - matching a URI against a source expression with no scheme (Monday, 18 March)
• CSP 1.0 copy&paste error (Thursday, 14 March)
• CSP - matching a URI against a source expression with no scheme (Wednesday, 13 March)

Julian Reschke

• Re: Include page http response code in CSP reports? (Wednesday, 27 March)

Mike West

• CORS and wildcards. (Wednesday, 27 March)
• Re: Include page http response code in CSP reports? (Tuesday, 26 March)
• Re: Restricting <base> URLS via CSP (Tuesday, 26 March)
• Re: Restricting <base> URLS via CSP (Tuesday, 26 March)
• Re: Restricting <base> URLS via CSP (Monday, 25 March)
• Re: SecurityPolicyViolation DOM events. (Wednesday, 20 March)
• "form-action" status. (Wednesday, 20 March)
• "source-file" vs "source-url" (Wednesday, 20 March)
• Re: CSP: set of report URIs (Tuesday, 19 March)
• Re: SecurityPolicyViolation DOM events. (Tuesday, 19 March)
• Re: SecurityPolicyViolation DOM events. (Tuesday, 19 March)
• SecurityPolicyViolation DOM events. (Tuesday, 19 March)
• Re: Nonces/hashes in source expressions. (Tuesday, 19 March)
• Re: Nonces/hashes in source expressions. (Monday, 18 March)
• Re: Nonces/hashes in source expressions. (Monday, 18 March)
• RE: Nonces/hashes in source expressions. (Monday, 18 March)
• RE: Nonces/hashes in source expressions. (Monday, 18 March)
• Nonces/hashes in source expressions. (Monday, 18 March)
• Re: Restricting <base> URLS via CSP (Monday, 18 March)
• Re: About script-nonce (Monday, 18 March)
• Re: Canonical paths (Monday, 18 March)
• Re: CSP: error handling (Monday, 18 March)
• Re: CSP - matching a URI against a source expression with no scheme (Monday, 18 March)
• Re: ISSUE-38: Discuss no-mixed-content directive (Monday, 18 March)
• Re: Heads up: proposal moving test repos to GitHub (Monday, 18 March)
• Re: Blank blocked-uris (Monday, 18 March)
• Re: Heads up: proposal moving test repos to GitHub (Monday, 18 March)

Neil Matatall

• Re: CSP: set of report URIs (Thursday, 28 March)
• Include page http response code in CSP reports? (Tuesday, 19 March)

Nick Krempel

• Canonical paths (Friday, 1 March)

Odin Hørthe Omdal

• Re: Heads up: proposal moving test repos to GitHub (Monday, 18 March)

Tab Atkins Jr.

• Re: CSP 1.0: Lax and strict CSS parsing rules (Friday, 1 March)

Thomas Roessler

• please register for April face-to-face meeting (Wednesday, 13 March)

Tobias Gondrom

• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Tuesday, 12 March)
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Monday, 11 March)
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Tuesday, 5 March)

Web Application Security Working Group Issue Tracker

• webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] (Tuesday, 5 March)

Yoav Weiss

• Re: Nonces/hashes in source expressions. (Tuesday, 19 March)

Zack Weinberg

• Re: CSP 1.0: Lax and strict CSS parsing rules (Friday, 1 March)

Last message date: Thursday, 28 March 2013 19:13:59 UTC