W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2013

Re: [webappsec] POLL: Getting CSP 1.1 to LCWD

From: Daniel Veditz <dveditz@mozilla.com>
Date: Thu, 03 Oct 2013 23:16:12 -0700
Message-ID: <524E5D2C.3020003@mozilla.com>
To: public-webappsec@w3.org
On 9/30/2013 4:23 PM, Brad Hill wrote:
> 1: We should close the feature set of CSP 1.1?  Agree / Disagree

Agree

> 2. We should include the application of 'unsafe-eval' semantics to the
> CSSOM in the core CSP 1.1 feature set? Agree / Disagree

I think I disagree, but I'm not sure exactly what you're proposing here.
Mailing list reference to the proposal?

> 3. We should include the suborigin sandboxing proposal in the core CSP
> 1.1 feature set? Agree / Disagree

Disagree. Like the proposal and would like to consider it in the future.

> 4. We should include the "Session Origin Security" policy in the core
> CSP 1.1 feature set?  Agree / Disagree

Disagree, but would like to continue exploring the proposal for the future.

> 5. We should include the "cookie-scope" policy in the core CSP 1.1
> feature set?  Agree / Disagree

Disagree, but would like to explore in the future.

> 6. We should make changes to core CSP 1.1 behavior (including possibly
> specifying a new directive about user script) as requested by Bug 23357?
>  Agree / Disagree

Disagree

-Dan Veditz, Mozilla



Received on Friday, 4 October 2013 06:16:46 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:03 UTC