- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Thu, 03 Oct 2013 23:16:12 -0700
- To: public-webappsec@w3.org
- Message-ID: <524E5D2C.3020003@mozilla.com>
On 9/30/2013 4:23 PM, Brad Hill wrote: > 1: We should close the feature set of CSP 1.1? Agree / Disagree Agree > 2. We should include the application of 'unsafe-eval' semantics to the > CSSOM in the core CSP 1.1 feature set? Agree / Disagree I think I disagree, but I'm not sure exactly what you're proposing here. Mailing list reference to the proposal? > 3. We should include the suborigin sandboxing proposal in the core CSP > 1.1 feature set? Agree / Disagree Disagree. Like the proposal and would like to consider it in the future. > 4. We should include the "Session Origin Security" policy in the core > CSP 1.1 feature set? Agree / Disagree Disagree, but would like to continue exploring the proposal for the future. > 5. We should include the "cookie-scope" policy in the core CSP 1.1 > feature set? Agree / Disagree Disagree, but would like to explore in the future. > 6. We should make changes to core CSP 1.1 behavior (including possibly > specifying a new directive about user script) as requested by Bug 23357? > Agree / Disagree Disagree -Dan Veditz, Mozilla
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Friday, 4 October 2013 06:16:46 UTC