from April 2014 by subject

[CSP] SVG-in-img implementation difference

[Integrity] Comments/Questions on Subresource Integrity spec

[integrity] What should we hash?

[webappsec] Agenda for Teleconference, 09-April-2014 08:00 PDT

[webappsec] AGENDA: WebAppSec WG Teleconference 23-April-2014 08:00 PDT

[webappsec] FW: Dan Veditz appointed co-chair of Web Application Security Working Group

Canceled: W3C WebAppSec WG Meeting

CORS and Caching (in reverse proxies / CDNs)

CORS and CSRF protection

CSP and mixed content

CSP Bypass Ideas

CSP no-external-navigation

CSP, Blob Workers, and Firefox

CSP, Fetch, and frame-ancestors

CSP, Fetch, and Service Workers

W3C WebAppSec WG Meeting

webappsec-ISSUE-58 (Late binding of CSP): Late binding of CSP policies [CSP 1.1]

webappsec-ISSUE-59 (SVG rules for CSP): Figure out how to use CSP appropriately with SVG modes [CSP 1.1]

webappsec-ISSUE-60 (CSP and META): Injecting META tags can be an interesting bypass technique, possibly [CSP 1.2]

Worker / SharedWorker directive

Last message date: Wednesday, 30 April 2014 16:07:19 UTC