public-webappsec@w3.org from July 2014 by subject

"Why is CSP failing? Trends and Challenges in CSP Adoption"

• Oda, Terri (Wednesday, 23 July)

[blink-dev] Proposal: Prefer secure origins for powerful new web platform features

• Chris Palmer (Tuesday, 15 July)

[Bulk] Proposal: Prefer secure origins for powerful new web platform features

• Chris Palmer (Tuesday, 15 July)

[CSP] Directive to disallow a response from being used as a Service Worker

• Anne van Kesteren (Tuesday, 29 July)
• Brad Hill (Tuesday, 29 July)
• Anne van Kesteren (Tuesday, 29 July)
• Brad Hill (Tuesday, 29 July)
• Anne van Kesteren (Tuesday, 29 July)
• Jeffrey Yasskin (Sunday, 27 July)
• Jeffrey Yasskin (Sunday, 27 July)
• Devdatta Akhawe (Thursday, 24 July)
• Joshua Peek (Thursday, 24 July)
• Ilya Grigorik (Thursday, 24 July)
• Jeffrey Yasskin (Thursday, 24 July)
• Mike West (Thursday, 24 July)
• Devdatta Akhawe (Thursday, 24 July)
• Jeffrey Yasskin (Tuesday, 22 July)
• Mike West (Tuesday, 22 July)
• Jeffrey Yasskin (Tuesday, 22 July)
• Brian Smith (Monday, 21 July)
• Jeffrey Yasskin (Monday, 21 July)

[CSP] Policy direction for bookmarklets/extensions augmenting page-level CSP?

• Gregory Huczynski (Friday, 11 July)

[CSP] Request to amend bookmarklet/extensions sentence in CSP1.1

• Daniel Veditz (Wednesday, 16 July)
• Glenn Adams (Tuesday, 15 July)
• Gregory Huczynski (Tuesday, 15 July)

[CSP] Rule referencing

• Neil Matatall (Wednesday, 16 July)
• John Yeuk Hon Wong (Wednesday, 16 July)
• Alex Sexton (Wednesday, 16 July)

[Integrity] HTTP/1.1 reference

• Julian Reschke (Tuesday, 22 July)

[Integrity] Signature based subresource integrity?

• Brad Hill (Tuesday, 22 July)
• Daniel Roesler (Tuesday, 22 July)
• Eduardo Robles Elvira (Tuesday, 22 July)
• Daniel Roesler (Monday, 21 July)

[MIX] blob URLs

• Anne van Kesteren (Thursday, 3 July)
• Mike West (Thursday, 3 July)

[MIX] Consider all CORS requests "active"

• Brian Smith (Tuesday, 22 July)
• Mike West (Tuesday, 22 July)
• Jake Archibald (Tuesday, 22 July)
• Mike West (Tuesday, 22 July)
• Jake Archibald (Tuesday, 22 July)
• Brian Smith (Tuesday, 22 July)
• Jake Archibald (Friday, 11 July)
• Jake Archibald (Friday, 11 July)
• Anne van Kesteren (Friday, 11 July)
• Glenn Adams (Thursday, 10 July)
• Brian Smith (Thursday, 10 July)
• Mike West (Thursday, 10 July)
• Jake Archibald (Thursday, 10 July)

[MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`?

• Anne van Kesteren (Wednesday, 2 July)
• Yoav Weiss (Wednesday, 2 July)
• Yoav Weiss (Tuesday, 1 July)

[REFERRER] Where does "Determine request's Referrer" get its URL from?

• Jochen Eisinger (Thursday, 24 July)

[REFERRER] Where does "Determine request’s Referrer" get its URL from?

• Ian Hickson (Thursday, 31 July)
• Anne van Kesteren (Thursday, 31 July)
• Ian Hickson (Wednesday, 30 July)
• Anne van Kesteren (Wednesday, 30 July)
• Ian Hickson (Tuesday, 29 July)
• Anne van Kesteren (Tuesday, 29 July)
• Ian Hickson (Monday, 28 July)
• Anne van Kesteren (Monday, 28 July)
• Ian Hickson (Friday, 25 July)
• Mike West (Friday, 25 July)
• Ian Hickson (Thursday, 24 July)
• Mike West (Thursday, 24 July)
• Ian Hickson (Wednesday, 23 July)

[SRI] What should we Hash Redux

• Anne van Kesteren (Thursday, 3 July)
• Devdatta Akhawe (Thursday, 3 July)
• Anne van Kesteren (Thursday, 3 July)
• Devdatta Akhawe (Thursday, 3 July)
• Anne van Kesteren (Thursday, 3 July)
• Devdatta Akhawe (Wednesday, 2 July)

[webappsec] 30-July WebAppSec Teleconference CANCELLED

• Jochen Eisinger (Wednesday, 30 July)
• Brad Hill (Wednesday, 30 July)
• Mike West (Wednesday, 30 July)
• Brad Hill (Tuesday, 29 July)

[webappsec] tomorrow's call

• Brad Hill (Tuesday, 15 July)

Call for Exclusions: Content Security Policy Level 2

• Coralie Mercier (Monday, 7 July)

CfC to publish FPWD on Referrer Policy.

• Jochen Eisinger (Tuesday, 22 July)
• Brad Hill (Monday, 21 July)
• Jochen Eisinger (Monday, 21 July)

CORS and CSRF protection

• Monsur Hossain (Thursday, 17 July)
• Michal Zalewski (Wednesday, 16 July)
• Brad Hill (Wednesday, 16 July)
• Monsur Hossain (Wednesday, 16 July)

CSP 1.1 frameancestors and blobs

• Mike West (Thursday, 3 July)
• Anne van Kesteren (Thursday, 3 July)
• Mike West (Thursday, 3 July)

CSP declarations in html meta tags

• Caleb Queern (Tuesday, 15 July)
• Mike West (Sunday, 13 July)
• Caleb Queern (Sunday, 13 July)
• Mike West (Friday, 11 July)
• Caleb Queern (Friday, 11 July)

CSP wildcard host matching

• Mike West (Tuesday, 1 July)
• Anne van Kesteren (Tuesday, 1 July)
• Frederik Braun (Tuesday, 1 July)

CSP: 'no-external-navigation'?

• Deian Stefan (Monday, 7 July)
• Mike West (Monday, 7 July)
• Michal Zalewski (Monday, 7 July)
• pamela fox (Monday, 7 July)
• pamela fox (Monday, 30 June)

img-src and inline <svg>

• Anne van Kesteren (Monday, 28 July)
• Brad Hill (Monday, 28 July)
• Glenn Adams (Sunday, 27 July)
• Anne van Kesteren (Sunday, 27 July)
• Mike West (Saturday, 26 July)
• Brad Hill (Friday, 25 July)

Isolated Web Components for a more secure web

• Eduardo' Vela\ (Tuesday, 1 July)
• Anne van Kesteren (Tuesday, 1 July)
• Eduardo Robles Elvira (Tuesday, 1 July)

Mixed Content ED Comments

• Mike West (Friday, 4 July)
• Glenn Adams (Thursday, 3 July)

Mixed Content Spec feedback

• David Walp (Thursday, 3 July)
• Daniel Kahn Gillmor (Wednesday, 2 July)
• Mike West (Wednesday, 2 July)
• Anne van Kesteren (Wednesday, 2 July)
• David Walp (Wednesday, 2 July)

PFWG comments on User Interface Security Directives for Content Security Policy

• Brad Hill (Wednesday, 2 July)
• Michael Cooper (Wednesday, 2 July)

Proposal: Prefer secure origins for powerful new web platform features

• Chris Palmer (Tuesday, 15 July)

Resource integrity transparency

• Eduardo Robles Elvira (Tuesday, 15 July)

SRI and CORS

• Anne van Kesteren (Sunday, 27 July)
• Frederik Braun (Monday, 21 July)
• Anne van Kesteren (Thursday, 17 July)
• Brad Hill (Wednesday, 16 July)
• Anne van Kesteren (Thursday, 3 July)
• Frederik Braun (Thursday, 3 July)
• Mike West (Thursday, 3 July)
• Anne van Kesteren (Thursday, 3 July)
• Mike West (Thursday, 3 July)
• Anne van Kesteren (Thursday, 3 July)
• Mike West (Thursday, 3 July)
• Adam Langley (Thursday, 3 July)
• Anne van Kesteren (Thursday, 3 July)
• Mike West (Thursday, 3 July)
• Anne van Kesteren (Thursday, 3 July)
• Mike West (Thursday, 3 July)
• Anne van Kesteren (Thursday, 3 July)

SRI: <a> vs integrity

• Brad Hill (Tuesday, 29 July)
• Daniel Veditz (Tuesday, 29 July)
• Eduardo Robles Elvira (Tuesday, 29 July)
• Brad Hill (Tuesday, 29 July)
• Chris Palmer (Tuesday, 29 July)
• Eduardo Robles Elvira (Monday, 28 July)
• Hill, Brad (Monday, 28 July)
• Eduardo Robles Elvira (Monday, 28 July)
• Brad Hill (Monday, 28 July)
• Julian Reschke (Sunday, 27 July)

WebAppSec WG Teleconference 02-July-2014 08:00 PDT

• Brad Hill (Tuesday, 1 July)

WebAppSec WG Teleconference 16-July-2014 08:00 PDT

• Daniel Veditz (Wednesday, 16 July)

Last message date: Thursday, 31 July 2014 15:15:04 UTC