W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2014

Entry Point Regulation (EPR) for web apps

From: David Ross <drx@google.com>
Date: Tue, 5 Aug 2014 11:48:22 -0700
Message-ID: <CAMM+ux7sqp3JNEnGmO6-9Y_Q7wZy4SwUFM99DHmqyBywjUb+ww@mail.gmail.com>
To: public-webappsec@w3.org
I've been working on a project to address XSRF and reflected XSS by
enabling web apps to regulate their entry points.

Blog with more details:
http://randomdross.blogspot.com/2014/08/entry-point-regulation-for-web-apps.html

Code for a Chrome extension implementing EPR:
https://github.com/google/epr

Mike West and I have been talking about spec'ing this out with hooks for
CSP and Fetch.  It would be great to get any comments and feedback from the
webappsec list!

Dave
Received on Wednesday, 6 August 2014 09:20:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:40 UTC