Re: CSP formal objection.

From: Hill, Brad <bhill@paypal.com>
Date: Wed, 29 Jan 2014 19:04:41 +0000
To: Glenn Adams <glenn@skynav.com>
CC: Mike West <mkwst@chromium.org>, Brian Smith <brian@briansmith.org>, "Anne van Kesteren" <annevk@annevk.nl>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <FFACA47F-15F4-4A4C-ADE3-0B5FE11C2A20@paypal.com>
Thank you, everyone, for working together to a mutually agreeable conclusion.

On Jan 29, 2014, at 8:48 AM, "Glenn Adams" <glenn@skynav.com> wrote:

Yes, that addresses our concern at first order. I will close the bug.

Thanks, Glenn

On Wed, Jan 29, 2014 at 9:15 AM, Mike West <mkwst@chromium.org> wrote:
I've landed https://github.com/w3c/webappsec/commit/cbfaa8edfadebf21a9c7428242c12e45934d8c55 into the working draft. I believe that addresses the objection. Glenn, do you agree?



On Tue, Jan 28, 2014 at 3:19 PM, Brian Smith <brian@briansmith.org> wrote:
On Tue, Jan 28, 2014 at 12:57 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> On Mon, Jan 27, 2014 at 10:19 AM, Glenn Adams <glenn@skynav.com> wrote:
>>> Option #1
>>> Our preference would be to simply remove the following text from 3.2.3:
>>> "Enforcing a policy should not interfere with the operation of
>>> user-supplied scripts such as third-party user-agent add-ons and JavaScript
>>> bookmarklets."
> This makes the most sense to me. Web standards have no business
> talking about UI-level features.

I also agree. The intent is to protect addon developers and addon
users from having websites disabling their addon functionality. But,
even within Mozilla there isn't complete agreement on how to interpret
that text, and I doubt that there's going to be broad agreement across

Mozilla Networking/Crypto/Security (Necko/NSS/PSM)
Received on Wednesday, 29 January 2014 19:05:11 UTC
