public-webappsec@w3.org from October 2013 by author

=JeffH

• Actual Poll vote (was: Reminder: please send your preferences (was: POLL: Getting CSP 1.1 to LCWD)) (Friday, 4 October)

Anne van Kesteren

• Re: [webappsec] UISecurity input protection: same origin or same document? (Thursday, 31 October)
• CSP and cookie header management (Wednesday, 23 October)
• Re: Content-Security-Policy: referrer always (Wednesday, 23 October)
• Re: 'referrer' directive strawman. (Tuesday, 22 October)

Austin William Wright

• Re: [CORS] Clarifying the term "user credentials" (Friday, 11 October)

Bjoern Hoehrmann

• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Saturday, 5 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Saturday, 5 October)

Brad Hill

• Re: [webappsec] UISecurity input protection: same origin or same document? (Thursday, 31 October)
• [webappsec] UISecurity input protection: same origin or same document? (Thursday, 31 October)
• [webappsec] New SVG examples for UISecurity obstruction check (Wednesday, 30 October)
• Re: CSP script hashes, inline and src'd (Monday, 21 October)
• [webappsec] new editor's draft of UISecurity (Friday, 18 October)
• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering (Tuesday, 15 October)
• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering (Monday, 14 October)
• [webappsec] Handling unsafe UI events (Monday, 14 October)
• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering (Monday, 14 October)
• [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering (Thursday, 10 October)
• [webappsec] Agenda for 8-Oct-2013 Teleconference (Tuesday, 8 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Friday, 4 October)
• [webappsec] Reminder: please send your preferences (Friday, 4 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Thursday, 3 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)

bugzilla@jessica.w3.org

• [Bug 23654] New: Point out that Access-Control-Allow-Origin:* is safe for servers not behind a firewall (Monday, 28 October)
• [Bug 23653] New: Advice on CORS and caches (Monday, 28 October)

Carson, Cory

• RE: [webappsec] Reminder: please send your preferences (Monday, 7 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Friday, 4 October)
• RE: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• RE: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)

Daniel Veditz

• Re: Behavior when default-src is missing from a CSP (Thursday, 10 October)
• proposal: move frame-options directive out of UI safety spec into CSP 1.1 (Tuesday, 8 October)
• Re: [webappsec] Reminder: please send your preferences (Tuesday, 8 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Friday, 4 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Thursday, 3 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Wednesday, 2 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Wednesday, 2 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)

David Bruant

• Re: [Workers] CSP and SharedWorkers (Tuesday, 1 October)

David Lin-Shung Huang

• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering (Tuesday, 15 October)
• Re: [webappsec] Handling unsafe UI events (Tuesday, 15 October)
• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering (Friday, 11 October)

Devdatta Akhawe

• Re: Updated script hash proposal (non spec text) (Sunday, 20 October)

Eric Rescorla

• Agenda for October 22, 2013 Teleconference (Tuesday, 22 October)

Frederik Braun

• Scripts from Strings: Where is the line? (Saturday, 5 October)

Garrett Robinson

• Re: CSP script hashes, inline and src'd (Saturday, 19 October)
• Re: CSP script hashes, inline and src'd (Saturday, 19 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 8 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Friday, 4 October)

Giorgio Maone

• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering (Saturday, 26 October)
• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering (Tuesday, 22 October)
• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering (Wednesday, 16 October)
• ERRATA CORRIGE Actual vote and regrets (was Re: [webappsec] POLL: Getting CSP 1.1 to LCWD) (Saturday, 5 October)
• Actual vote and regrets (was Re: [webappsec] POLL: Getting CSP 1.1 to LCWD) (Saturday, 5 October)

Glenn Adams

• Re: CSP script hashes, inline and src'd (Saturday, 19 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Saturday, 5 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Saturday, 5 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Friday, 4 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Friday, 4 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Thursday, 3 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Thursday, 3 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Wednesday, 2 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Wednesday, 2 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)
• Re: [webappsec] POLL: Getting CSP 1.1 to LCWD (Tuesday, 1 October)

Hill, Brad

• RE: RFC 7034 on HTTP Header Field X-Frame-Options (Monday, 14 October)

Ian Melven

• Re: CSP script hashes, inline and src'd (Monday, 21 October)
• Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 (Monday, 21 October)
• Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 (Tuesday, 8 October)

Joel Weinberger

• Re: CSP script hashes, inline and src'd (Tuesday, 22 October)
• CSP script hashes, inline and src'd (Friday, 18 October)

John Wong

• Are CSP directives case insensitive? (Monday, 28 October)

Mike West

• 'referrer' directive strawman. (Monday, 21 October)
• Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 (Monday, 21 October)
• Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 (Monday, 21 October)
• Re: CSP script hashes, inline and src'd (Monday, 21 October)
• Re: Behavior when default-src is missing from a CSP (Thursday, 10 October)
• Re: [webappsec] Reminder: please send your preferences (Monday, 7 October)

Monsur Hossain

• Re: [CORS] Clarifying the term "user credentials" (Friday, 11 October)

Neil Matatall

• Re: [webappsec] Reminder: please send your preferences (Tuesday, 22 October)
• Re: Updated script hash proposal (non spec text) (Monday, 21 October)
• Re: CSP script hashes, inline and src'd (Monday, 21 October)
• Re: CSP script hashes, inline and src'd (Saturday, 19 October)
• Re: Behavior when default-src is missing from a CSP (Wednesday, 9 October)
• Behavior when default-src is missing from a CSP (Wednesday, 9 October)
• Re: [webappsec] Reminder: please send your preferences (Tuesday, 8 October)

Nottingham, Mark

• Re: [webappsec] Reminder: please send your preferences (Tuesday, 8 October)
• Re: [webappsec] Reminder: please send your preferences (Monday, 7 October)

Odin Hørthe Omdal

• Re: [webappsec] Reminder: please send your preferences (Friday, 4 October)

Robert O'Callahan

• Re: [webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering (Friday, 25 October)

Tanvi Vyas

• Re: CSP script hashes, inline and src'd (Monday, 21 October)

Tobias Gondrom

• FYI: RFC 7034 on HTTP Header Field X-Frame-Options (Monday, 14 October)

Tom Sepez

• Content-Security-Policy: referrer always (Tuesday, 22 October)

Trevor Perrin

• Re: CSP script hashes, inline and src'd (Monday, 21 October)

Web Application Security Working Group Issue Tracker

• webappsec-ISSUE-55 (input-protection and seamless iframes): How to handle seamless flag for input-protection policies? [UI Security] (Thursday, 31 October)

Wendy Seltzer

• Reminder: Recharter out for review through Oct. 21 (Tuesday, 15 October)

Yoav Weiss

• Re: CSP script hashes, inline and src'd (Saturday, 19 October)

Last message date: Thursday, 31 October 2013 18:19:42 UTC