from December 2014 by subject

[blink-dev] Proposal: Marking HTTP As Non-Secure

[blink-dev] Re: Proposal: Marking HTTP As Non-Secure

[CSP3] Allow paths without a domain

[CSP3] Allow plugin-types "none"

[CSP3] Please define the encoding used for violation reports

[CSP] different perspective on Report-Only

[CSP] How to interpret 'self' in a sandboxed iframe

[MIX] PF comments on Mixed Content - accessible indication and user controls

[POWER] New vs Legacy functionality (Re: "Requirements for Powerful Features" strawman.)

[REFERRER] Combination of referrer directive values

[REFERRER] feedback - Editorial comment: s/referer/Referer/g

[REFERRER][CSP] Improving the Web Platform's Referrer Policy

[SRI] providing good defaults when the expected content type is missing?

[SRI] Towards v1 - do we need error reporting?

[SRI] Towards v1 - do we need fallback/noncanonical-src?

[SRI] unsupported hashes and invalid metadata

[webappsec] Cancel today's call?

[webappsec] Clarifying how CSP sandboxing applies to Workers, ServiceWorkers

[webappsec] Dec 1, Thread 1: Rechartering

[webappsec] Dec 1, Thread 2: Powerful Features

[webappsec] Dec 1, Thread 3: post-Last Call issues in CSP Level 2

[webappsec] Next WebAppSec teleconference

[webappsec] Teleconference Agenda, Monday 14-Dec-2014

AW: [CSP] different perspective on Report-Only

Call for Exclusions: Requirements for Powerful Features

Comments on Mixed Content

Draft finding - "Transitioning the Web to HTTPS"

Fwd: Proposed W3C Charter: Web Application Security Working Group (Call for Review)

Marking HTTP As Non-Secure

MIX: Exiting last call?

postMessage, workers and sandboxing

Proposal: Marking HTTP As Non-Secure

Public Key Pinning (was Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure)

Reminder: today's webappsec teleconference CANCELED

Security UI Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure

Service Workers and MIX (was Re: MIX: Exiting last call?)

snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features"

Strict mixed content checking (was Re: MIX: Exiting last call?)

webappsec-ACTION-208: Take charter to w3m for review

webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]

webappsec-ISSUE-73 (CSP path matching): Consider allowing relative paths (to 'self') in source productions [CSP Level 3]

webappsec-ISSUE-74 (plugin-types 'none'): allow explicitly setting the 'none' keyword source for plugin-type directive [CSP Level 3]

Why not DNS records Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure

Last message date: Tuesday, 30 December 2014 23:07:32 UTC