public-webappsec@w3.org from October 2013 by date

Thursday, 31 October 2013

• webappsec-ISSUE-55 (input-protection and seamless iframes): How to handle seamless flag for input-protection policies? [UI Security] Web Application Security Working Group Issue Tracker
• Re: [webappsec] UISecurity input protection: same origin or same document? Brad Hill
• Re: [webappsec] UISecurity input protection: same origin or same document? Anne van Kesteren
• [webappsec] UISecurity input protection: same origin or same document? Brad Hill

Wednesday, 30 October 2013

• [webappsec] New SVG examples for UISecurity obstruction check Brad Hill

Monday, 28 October 2013

• Are CSP directives case insensitive? John Wong
• [Bug 23654] New: Point out that Access-Control-Allow-Origin:* is safe for servers not behind a firewall bugzilla@jessica.w3.org
• [Bug 23653] New: Advice on CORS and caches bugzilla@jessica.w3.org

Saturday, 26 October 2013

• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Giorgio Maone

Friday, 25 October 2013

• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Robert O'Callahan

Wednesday, 23 October 2013

• CSP and cookie header management Anne van Kesteren
• Re: Content-Security-Policy: referrer always Anne van Kesteren

Tuesday, 22 October 2013

• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Giorgio Maone
• Content-Security-Policy: referrer always Tom Sepez
• Agenda for October 22, 2013 Teleconference Eric Rescorla
• Re: [webappsec] Reminder: please send your preferences Neil Matatall
• Re: 'referrer' directive strawman. Anne van Kesteren
• Re: CSP script hashes, inline and src'd Joel Weinberger

Monday, 21 October 2013

• Re: CSP script hashes, inline and src'd Tanvi Vyas
• Re: CSP script hashes, inline and src'd Ian Melven
• 'referrer' directive strawman. Mike West
• Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 Ian Melven
• Re: CSP script hashes, inline and src'd Brad Hill
• Re: Updated script hash proposal (non spec text) Neil Matatall
• Re: CSP script hashes, inline and src'd Neil Matatall
• Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 Mike West
• Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 Mike West
• Re: CSP script hashes, inline and src'd Mike West
• Re: CSP script hashes, inline and src'd Trevor Perrin

Sunday, 20 October 2013

• Re: Updated script hash proposal (non spec text) Devdatta Akhawe

Saturday, 19 October 2013

• Re: CSP script hashes, inline and src'd Yoav Weiss
• Re: CSP script hashes, inline and src'd Garrett Robinson
• Re: CSP script hashes, inline and src'd Garrett Robinson
• Re: CSP script hashes, inline and src'd Neil Matatall
• Re: CSP script hashes, inline and src'd Glenn Adams

Friday, 18 October 2013

• [webappsec] new editor's draft of UISecurity Brad Hill
• CSP script hashes, inline and src'd Joel Weinberger

Wednesday, 16 October 2013

• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Giorgio Maone

Tuesday, 15 October 2013

• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Brad Hill
• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering David Lin-Shung Huang
• Reminder: Recharter out for review through Oct. 21 Wendy Seltzer
• Re: [webappsec] Handling unsafe UI events David Lin-Shung Huang

Monday, 14 October 2013

• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Brad Hill
• [webappsec] Handling unsafe UI events Brad Hill
• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Brad Hill
• RE: RFC 7034 on HTTP Header Field X-Frame-Options Hill, Brad
• FYI: RFC 7034 on HTTP Header Field X-Frame-Options Tobias Gondrom

Friday, 11 October 2013

• Re: [CORS] Clarifying the term "user credentials" Monsur Hossain
• Re: [CORS] Clarifying the term "user credentials" Austin William Wright
• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering David Lin-Shung Huang

Thursday, 10 October 2013

• [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Brad Hill
• Re: Behavior when default-src is missing from a CSP Daniel Veditz
• Re: Behavior when default-src is missing from a CSP Mike West

Wednesday, 9 October 2013

• Re: Behavior when default-src is missing from a CSP Neil Matatall
• Behavior when default-src is missing from a CSP Neil Matatall

Tuesday, 8 October 2013

• Re: [webappsec] Reminder: please send your preferences Nottingham, Mark
• Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 Ian Melven
• proposal: move frame-options directive out of UI safety spec into CSP 1.1 Daniel Veditz
• Re: [webappsec] Reminder: please send your preferences Daniel Veditz
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Garrett Robinson
• [webappsec] Agenda for 8-Oct-2013 Teleconference Brad Hill
• Re: [webappsec] Reminder: please send your preferences Neil Matatall

Monday, 7 October 2013

• RE: [webappsec] Reminder: please send your preferences Carson, Cory
• Re: [webappsec] Reminder: please send your preferences Nottingham, Mark
• Re: [webappsec] Reminder: please send your preferences Mike West

Saturday, 5 October 2013

• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Bjoern Hoehrmann
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• ERRATA CORRIGE Actual vote and regrets (was Re: [webappsec] POLL: Getting CSP 1.1 to LCWD) Giorgio Maone
• Actual vote and regrets (was Re: [webappsec] POLL: Getting CSP 1.1 to LCWD) Giorgio Maone
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Bjoern Hoehrmann
• Scripts from Strings: Where is the line? Frederik Braun

Friday, 4 October 2013

• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Brad Hill
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] Reminder: please send your preferences Odin Hørthe Omdal
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Garrett Robinson
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Carson, Cory
• Actual Poll vote (was: Reminder: please send your preferences (was: POLL: Getting CSP 1.1 to LCWD)) =JeffH
• [webappsec] Reminder: please send your preferences Brad Hill

Thursday, 3 October 2013

• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Brad Hill

Wednesday, 2 October 2013

• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz

Tuesday, 1 October 2013

• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Brad Hill
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Brad Hill
• RE: [webappsec] POLL: Getting CSP 1.1 to LCWD Carson, Cory
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Daniel Veditz
• RE: [webappsec] POLL: Getting CSP 1.1 to LCWD Carson, Cory
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Brad Hill
• Re: [Workers] CSP and SharedWorkers David Bruant
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams

Last message date: Thursday, 31 October 2013 18:19:42 UTC