Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next] from Deian Stefan on 2014-12-01 (public-webappsec@w3.org from December 2014)

From: Deian Stefan <deian@cs.stanford.edu>
Date: Mon, 01 Dec 2014 14:26:16 -0800
To: Brad Hill <hillbrad@fb.com>, Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>, "public-webappsec\@w3.org" <public-webappsec@w3.org>
Message-ID: <87y4qr0zxz.fsf@stmarks.lan>

Brad Hill <hillbrad@fb.com> writes:

> Deian, thank you and please do.  We always welcome proposed text (from
> group members).

I took a first stab at the normative text for message-src and
message-sink directives. I hope this is a reasonable starting point for
discussion:

https://github.com/w3c/webappsec/pull/101/files

Thanks,
Deian

Received on Monday, 1 December 2014 22:26:49 UTC