from March 2013 by subject

"form-action" status.

"source-file" vs "source-url"

[webappsec] Agenda for 25-March-2013 Teleconference

[webappsec] FW: security model of Web Components, etc. - joint work with WebAppSec?

[webappsec] Joel Weinberger's thesis on Analysis and Enforcement of Web Application Security Policies

[webappsec] Minutes from 26-Feb teleconference available

[webappsec] new draft of UI Security available

[webappsec] Proposed text for jsonp directives

[webappsec] updated test VM available

[webappsec] WG survey results

About script-nonce

Blank blocked-uris

Canonical paths

Certificate Revocation in Java

CORS and wildcards.

CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented

CSP - matching a URI against a source expression with no scheme

CSP 1.0 copy&paste error

CSP 1.0: Lax and strict CSS parsing rules

CSP: error handling

CSP: set of report URIs


Fwd: minor typo in CORS spec section 6.2?

Heads up: proposal moving test repos to GitHub

Include page http response code in CSP reports?

ISSUE-38: Discuss no-mixed-content directive

Nonces/hashes in source expressions.

please register for April face-to-face meeting

Restricting <base> URLS via CSP

security model of Web Components, etc. - joint work with WebAppSec?

SecurityPolicyViolation DOM events.


webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security]

Last message date: Thursday, 28 March 2013 19:13:59 UTC