public-webappsec@w3.org from March 2013 by date

Thursday, 28 March 2013

• Re: CSP: set of report URIs Eduardo' Vela
• Re: CSP: set of report URIs Neil Matatall
• Re: CSP: set of report URIs Anne van Kesteren
• RE: CSP: set of report URIs Hill, Brad
• Re: Restricting <base> URLS via CSP Alex Russell

Wednesday, 27 March 2013

• Re: CORS and wildcards. Bjoern Hoehrmann
• CORS and wildcards. Mike West
• Re: Include page http response code in CSP reports? Anne van Kesteren
• Re: Include page http response code in CSP reports? Julian Reschke

Tuesday, 26 March 2013

• Re: Include page http response code in CSP reports? Anne van Kesteren
• Re: Include page http response code in CSP reports? Mike West
• Re: Restricting <base> URLS via CSP Ian Melven
• Re: Restricting <base> URLS via CSP Mike West
• Re: Restricting <base> URLS via CSP Ian Melven
• Re: Restricting <base> URLS via CSP Mike West
• Re: Restricting <base> URLS via CSP Alex Russell
• Re: [webappsec] new draft of UI Security available Anne van Kesteren

Monday, 25 March 2013

• [webappsec] Minutes from 26-Feb teleconference available Hill, Brad
• RE: [webappsec] new draft of UI Security available Hill, Brad
• [webappsec] Agenda for 25-March-2013 Teleconference Hill, Brad
• Re: [webappsec] new draft of UI Security available Anne van Kesteren
• [webappsec] new draft of UI Security available Hill, Brad
• Fwd: minor typo in CORS spec section 6.2? Anne van Kesteren
• Re: Restricting <base> URLS via CSP Mike West

Saturday, 23 March 2013

• Re: CSP: set of report URIs Anne van Kesteren
• Re: SecurityPolicyViolation DOM events. Anne van Kesteren

Wednesday, 20 March 2013

• Re: CSP: set of report URIs Anne van Kesteren
• Re: "form-action" status. Ian Melven
• Re: SecurityPolicyViolation DOM events. Mike West
• Re: SecurityPolicyViolation DOM events. Anne van Kesteren
• "form-action" status. Mike West
• "source-file" vs "source-url" Mike West

Tuesday, 19 March 2013

• Include page http response code in CSP reports? Neil Matatall
• Re: About script-nonce David Bruant
• Re: CSP: set of report URIs Ian Melven
• Re: CSP: set of report URIs Anne van Kesteren
• Re: CSP: set of report URIs Daniel Veditz
• Re: CSP: set of report URIs Anne van Kesteren
• Re: CSP: set of report URIs Mike West
• Re: SecurityPolicyViolation DOM events. Mike West
• Re: Nonces/hashes in source expressions. Yoav Weiss
• Re: SecurityPolicyViolation DOM events. Mike West
• CSP: set of report URIs Anne van Kesteren
• Re: SecurityPolicyViolation DOM events. Anne van Kesteren
• SecurityPolicyViolation DOM events. Mike West
• Re: Nonces/hashes in source expressions. Mike West

Monday, 18 March 2013

• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Ian Melven
• [webappsec] FW: security model of Web Components, etc. - joint work with WebAppSec? Hill, Brad
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Devdatta Akhawe
• RE: Nonces/hashes in source expressions. Hill, Brad
• Re: Nonces/hashes in source expressions. Mike West
• RE: Nonces/hashes in source expressions. Hill, Brad
• Re: Nonces/hashes in source expressions. Mike West
• RE: Nonces/hashes in source expressions. Hill, Brad
• RE: Nonces/hashes in source expressions. Hill, Brad
• RE: Nonces/hashes in source expressions. Hill, Brad
• RE: Nonces/hashes in source expressions. Mike West
• RE: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Hill, Brad
• RE: Nonces/hashes in source expressions. Mike West
• RE: Nonces/hashes in source expressions. Hill, Brad
• Nonces/hashes in source expressions. Mike West
• Re: CSP: error handling Anne van Kesteren
• Re: CSP: error handling Hill, Brad
• Re: Restricting <base> URLS via CSP Mike West
• Re: About script-nonce Mike West
• Re: CSP - matching a URI against a source expression with no scheme Janusz Majnert
• Re: Canonical paths Mike West
• Re: CSP: error handling Mike West
• Re: CSP - matching a URI against a source expression with no scheme Mike West
• Re: ISSUE-38: Discuss no-mixed-content directive Mike West
• Re: Heads up: proposal moving test repos to GitHub Mike West
• Re: Blank blocked-uris Mike West
• Re: Heads up: proposal moving test repos to GitHub Odin Hørthe Omdal
• Re: Heads up: proposal moving test repos to GitHub Mike West

Friday, 15 March 2013

• Re: security model of Web Components, etc. - joint work with WebAppSec? Arthur Barstow
• Re: security model of Web Components, etc. - joint work with WebAppSec? Charles McCathie Nevile

Thursday, 14 March 2013

• Re: security model of Web Components, etc. - joint work with WebAppSec? Dimitri Glazkov
• RE: security model of Web Components, etc. - joint work with WebAppSec? Hill, Brad
• CSP 1.0 copy&paste error Janusz Majnert

Wednesday, 13 March 2013

• please register for April face-to-face meeting Thomas Roessler
• CSP - matching a URI against a source expression with no scheme Janusz Majnert
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Daniel Veditz

Tuesday, 12 March 2013

• RE: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] David Ross
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Anne van Kesteren
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Tobias Gondrom
• RE: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Hill, Brad
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Anne van Kesteren
• Re: URLs Anne van Kesteren
• RE: URLs Hill, Brad
• CSP: URLs Anne van Kesteren
• CSP: error handling Anne van Kesteren

Monday, 11 March 2013

• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Ian Melven
• Re: security model of Web Components, etc. - joint work with WebAppSec? Dimitri Glazkov
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Tobias Gondrom
• [webappsec] Joel Weinberger's thesis on Analysis and Enforcement of Web Application Security Policies Hill, Brad

Saturday, 9 March 2013

• Re: security model of Web Components, etc. - joint work with WebAppSec? Arthur Barstow
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Ian Melven
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Ian Melven

Friday, 8 March 2013

• security model of Web Components, etc. - joint work with WebAppSec? Hill, Brad
• Re: Canonical paths Daniel Veditz
• [webappsec] updated test VM available Hill, Brad

Wednesday, 6 March 2013

• [webappsec] WG survey results Hill, Brad
• RE: Certificate Revocation in Java Hill, Brad
• Certificate Revocation in Java Ben Wilson
• Re: ISSUE-38: Discuss no-mixed-content directive Daniel Veditz
• Re: ISSUE-38: Discuss no-mixed-content directive Adam Barth
• Re: Blank blocked-uris Adam Barth
• RE: [webappsec] Proposed text for jsonp directives Hill, Brad
• Re: [webappsec] Proposed text for jsonp directives Adam Barth

Tuesday, 5 March 2013

• About script-nonce David Bruant
• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Tobias Gondrom
• webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Web Application Security Working Group Issue Tracker
• [webappsec] new draft of UI Security available Hill, Brad

Friday, 1 March 2013

• Canonical paths Nick Krempel
• Re: CSP 1.0: Lax and strict CSS parsing rules Zack Weinberg
• Re: CSP 1.0: Lax and strict CSS parsing rules Tab Atkins Jr.
• CSP 1.0: Lax and strict CSS parsing rules Bjoern Hoehrmann
• Re: Restricting <base> URLS via CSP Alex Russell
• Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented Bjoern Hoehrmann

Last message date: Thursday, 28 March 2013 19:13:59 UTC