W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2014

Entry Point Regulation (EPR) for web apps

From: David Ross <drx@google.com>
Date: Tue, 5 Aug 2014 11:48:22 -0700
Message-ID: <CAMM+ux7sqp3JNEnGmO6-9Y_Q7wZy4SwUFM99DHmqyBywjUb+ww@mail.gmail.com>
To: public-webappsec@w3.org
I've been working on a project to address XSRF and reflected XSS by
enabling web apps to regulate their entry points.

Blog with more details:

Code for a Chrome extension implementing EPR:

Mike West and I have been talking about spec'ing this out with hooks for
CSP and Fetch.  It would be great to get any comments and feedback from the
webappsec list!

Received on Wednesday, 6 August 2014 09:20:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:40 UTC