public-webappsec@w3.org from March 2013 by thread

CORS and wildcards. Mike West (Wednesday, 27 March)

• Re: CORS and wildcards. Bjoern Hoehrmann (Wednesday, 27 March)

[webappsec] Minutes from 26-Feb teleconference available Hill, Brad (Monday, 25 March)

[webappsec] Agenda for 25-March-2013 Teleconference Hill, Brad (Monday, 25 March)

[webappsec] new draft of UI Security available Hill, Brad (Monday, 25 March)

• Re: [webappsec] new draft of UI Security available Anne van Kesteren (Monday, 25 March)
  • RE: [webappsec] new draft of UI Security available Hill, Brad (Monday, 25 March)
    • Re: [webappsec] new draft of UI Security available Anne van Kesteren (Tuesday, 26 March)

Fwd: minor typo in CORS spec section 6.2? Anne van Kesteren (Monday, 25 March)

"form-action" status. Mike West (Wednesday, 20 March)

• Re: "form-action" status. Ian Melven (Wednesday, 20 March)

"source-file" vs "source-url" Mike West (Wednesday, 20 March)

Include page http response code in CSP reports? Neil Matatall (Tuesday, 19 March)

• Re: Include page http response code in CSP reports? Mike West (Tuesday, 26 March)
  • Re: Include page http response code in CSP reports? Anne van Kesteren (Tuesday, 26 March)
    • Re: Include page http response code in CSP reports? Julian Reschke (Wednesday, 27 March)
      • Re: Include page http response code in CSP reports? Anne van Kesteren (Wednesday, 27 March)

CSP: set of report URIs Anne van Kesteren (Tuesday, 19 March)

• Re: CSP: set of report URIs Mike West (Tuesday, 19 March)
  • Re: CSP: set of report URIs Anne van Kesteren (Tuesday, 19 March)
• Re: CSP: set of report URIs Daniel Veditz (Tuesday, 19 March)
  • Re: CSP: set of report URIs Anne van Kesteren (Tuesday, 19 March)
    • Re: CSP: set of report URIs Ian Melven (Tuesday, 19 March)
      • Re: CSP: set of report URIs Anne van Kesteren (Wednesday, 20 March)
• Re: CSP: set of report URIs Anne van Kesteren (Saturday, 23 March)
  • RE: CSP: set of report URIs Hill, Brad (Thursday, 28 March)
    • Re: CSP: set of report URIs Anne van Kesteren (Thursday, 28 March)
      • Re: CSP: set of report URIs Neil Matatall (Thursday, 28 March)
        • Re: CSP: set of report URIs Eduardo' Vela (Thursday, 28 March)

SecurityPolicyViolation DOM events. Mike West (Tuesday, 19 March)

• Re: SecurityPolicyViolation DOM events. Anne van Kesteren (Tuesday, 19 March)
  • Re: SecurityPolicyViolation DOM events. Mike West (Tuesday, 19 March)
    • Re: SecurityPolicyViolation DOM events. Mike West (Tuesday, 19 March)
      • Re: SecurityPolicyViolation DOM events. Anne van Kesteren (Wednesday, 20 March)
        • Re: SecurityPolicyViolation DOM events. Mike West (Wednesday, 20 March)
          • Re: SecurityPolicyViolation DOM events. Anne van Kesteren (Saturday, 23 March)

[webappsec] FW: security model of Web Components, etc. - joint work with WebAppSec? Hill, Brad (Monday, 18 March)

Nonces/hashes in source expressions. Mike West (Monday, 18 March)

• RE: Nonces/hashes in source expressions. Hill, Brad (Monday, 18 March)
  • RE: Nonces/hashes in source expressions. Mike West (Monday, 18 March)
    • RE: Nonces/hashes in source expressions. Mike West (Monday, 18 March)
      • RE: Nonces/hashes in source expressions. Hill, Brad (Monday, 18 March)
        • RE: Nonces/hashes in source expressions. Hill, Brad (Monday, 18 March)
          • RE: Nonces/hashes in source expressions. Hill, Brad (Monday, 18 March)
            • Re: Nonces/hashes in source expressions. Mike West (Monday, 18 March)
            • RE: Nonces/hashes in source expressions. Hill, Brad (Monday, 18 March)
            • Re: Nonces/hashes in source expressions. Mike West (Monday, 18 March)
            • RE: Nonces/hashes in source expressions. Hill, Brad (Monday, 18 March)
            • Re: Nonces/hashes in source expressions. Mike West (Tuesday, 19 March)
            • Re: Nonces/hashes in source expressions. Yoav Weiss (Tuesday, 19 March)

Re: Heads up: proposal moving test repos to GitHub Mike West (Monday, 18 March)

• Re: Heads up: proposal moving test repos to GitHub Odin Hørthe Omdal (Monday, 18 March)
  • Re: Heads up: proposal moving test repos to GitHub Mike West (Monday, 18 March)

CSP 1.0 copy&paste error Janusz Majnert (Thursday, 14 March)

please register for April face-to-face meeting Thomas Roessler (Wednesday, 13 March)

CSP - matching a URI against a source expression with no scheme Janusz Majnert (Wednesday, 13 March)

• Re: CSP - matching a URI against a source expression with no scheme Mike West (Monday, 18 March)
  • Re: CSP - matching a URI against a source expression with no scheme Janusz Majnert (Monday, 18 March)

CSP: URLs Anne van Kesteren (Tuesday, 12 March)

• RE: URLs Hill, Brad (Tuesday, 12 March)
  • Re: URLs Anne van Kesteren (Tuesday, 12 March)

CSP: error handling Anne van Kesteren (Tuesday, 12 March)

• Re: CSP: error handling Mike West (Monday, 18 March)
  • Re: CSP: error handling Hill, Brad (Monday, 18 March)
    • Re: CSP: error handling Anne van Kesteren (Monday, 18 March)

[webappsec] Joel Weinberger's thesis on Analysis and Enforcement of Web Application Security Policies Hill, Brad (Monday, 11 March)

security model of Web Components, etc. - joint work with WebAppSec? Hill, Brad (Friday, 8 March)

• Re: security model of Web Components, etc. - joint work with WebAppSec? Arthur Barstow (Saturday, 9 March)
  • Re: security model of Web Components, etc. - joint work with WebAppSec? Dimitri Glazkov (Monday, 11 March)
    • RE: security model of Web Components, etc. - joint work with WebAppSec? Hill, Brad (Thursday, 14 March)
      • Re: security model of Web Components, etc. - joint work with WebAppSec? Dimitri Glazkov (Thursday, 14 March)
        • Re: security model of Web Components, etc. - joint work with WebAppSec? Charles McCathie Nevile (Friday, 15 March)
          • Re: security model of Web Components, etc. - joint work with WebAppSec? Arthur Barstow (Friday, 15 March)

[webappsec] updated test VM available Hill, Brad (Friday, 8 March)

[webappsec] WG survey results Hill, Brad (Wednesday, 6 March)

Certificate Revocation in Java Ben Wilson (Wednesday, 6 March)

• RE: Certificate Revocation in Java Hill, Brad (Wednesday, 6 March)

Re: ISSUE-38: Discuss no-mixed-content directive Adam Barth (Wednesday, 6 March)

• Re: ISSUE-38: Discuss no-mixed-content directive Daniel Veditz (Wednesday, 6 March)
  • Re: ISSUE-38: Discuss no-mixed-content directive Mike West (Monday, 18 March)

Re: Blank blocked-uris Adam Barth (Wednesday, 6 March)

• Re: Blank blocked-uris Mike West (Monday, 18 March)

Re: [webappsec] Proposed text for jsonp directives Adam Barth (Wednesday, 6 March)

• RE: [webappsec] Proposed text for jsonp directives Hill, Brad (Wednesday, 6 March)

About script-nonce David Bruant (Tuesday, 5 March)

• Re: About script-nonce Mike West (Monday, 18 March)
  • Re: About script-nonce David Bruant (Tuesday, 19 March)

webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Web Application Security Working Group Issue Tracker (Tuesday, 5 March)

• Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Tobias Gondrom (Tuesday, 5 March)
  • Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Ian Melven (Saturday, 9 March)
    • Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Ian Melven (Saturday, 9 March)
    • Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Tobias Gondrom (Monday, 11 March)
      • Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Ian Melven (Monday, 11 March)
        • Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Anne van Kesteren (Tuesday, 12 March)
          • RE: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Hill, Brad (Tuesday, 12 March)
            • Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Anne van Kesteren (Tuesday, 12 March)
            • RE: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] David Ross (Tuesday, 12 March)
            • Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Daniel Veditz (Wednesday, 13 March)
            • RE: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Hill, Brad (Monday, 18 March)
            • Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Devdatta Akhawe (Monday, 18 March)
            • Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Ian Melven (Monday, 18 March)
          • Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security] Tobias Gondrom (Tuesday, 12 March)

[webappsec] new draft of UI Security available Hill, Brad (Tuesday, 5 March)

Canonical paths Nick Krempel (Friday, 1 March)

• Re: Canonical paths Daniel Veditz (Friday, 8 March)
  • Re: Canonical paths Mike West (Monday, 18 March)

CSP 1.0: Lax and strict CSS parsing rules Bjoern Hoehrmann (Friday, 1 March)

• Re: CSP 1.0: Lax and strict CSS parsing rules Tab Atkins Jr. (Friday, 1 March)
  • Re: CSP 1.0: Lax and strict CSS parsing rules Zack Weinberg (Friday, 1 March)

Re: Restricting <base> URLS via CSP Alex Russell (Friday, 1 March)

• Re: Restricting <base> URLS via CSP Mike West (Monday, 18 March)
  • Re: Restricting <base> URLS via CSP Mike West (Monday, 25 March)
    • Re: Restricting <base> URLS via CSP Alex Russell (Tuesday, 26 March)
      • Re: Restricting <base> URLS via CSP Mike West (Tuesday, 26 March)
        • Re: Restricting <base> URLS via CSP Ian Melven (Tuesday, 26 March)
          • Re: Restricting <base> URLS via CSP Mike West (Tuesday, 26 March)
            • Re: Restricting <base> URLS via CSP Ian Melven (Tuesday, 26 March)
            • Re: Restricting <base> URLS via CSP Alex Russell (Thursday, 28 March)

Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented Bjoern Hoehrmann (Friday, 1 March)

Last message date: Thursday, 28 March 2013 19:13:59 UTC