public-webappsec@w3.org from July 2014 by thread

[webappsec] 30-July WebAppSec Teleconference CANCELLED Brad Hill (Tuesday, 29 July)

• Re: [webappsec] 30-July WebAppSec Teleconference CANCELLED Mike West (Wednesday, 30 July)
  • Re: [webappsec] 30-July WebAppSec Teleconference CANCELLED Brad Hill (Wednesday, 30 July)
    • Re: [webappsec] 30-July WebAppSec Teleconference CANCELLED Jochen Eisinger (Wednesday, 30 July)

SRI: <a> vs integrity Julian Reschke (Sunday, 27 July)

• Re: SRI: <a> vs integrity Brad Hill (Monday, 28 July)
  • Re: SRI: <a> vs integrity Eduardo Robles Elvira (Monday, 28 July)
    • Re: SRI: <a> vs integrity Hill, Brad (Monday, 28 July)
      • Re: SRI: <a> vs integrity Eduardo Robles Elvira (Monday, 28 July)
        • Re: SRI: <a> vs integrity Chris Palmer (Tuesday, 29 July)
          • Re: SRI: <a> vs integrity Brad Hill (Tuesday, 29 July)
            • Re: SRI: <a> vs integrity Eduardo Robles Elvira (Tuesday, 29 July)
        • Re: SRI: <a> vs integrity Daniel Veditz (Tuesday, 29 July)
          • Re: SRI: <a> vs integrity Brad Hill (Tuesday, 29 July)

img-src and inline <svg> Brad Hill (Friday, 25 July)

• Re: img-src and inline <svg> Mike West (Saturday, 26 July)
• Re: img-src and inline <svg> Anne van Kesteren (Sunday, 27 July)
  • Re: img-src and inline <svg> Glenn Adams (Sunday, 27 July)
    • Re: img-src and inline <svg> Brad Hill (Monday, 28 July)
      • Re: img-src and inline <svg> Anne van Kesteren (Monday, 28 July)

[REFERRER] Where does "Determine request’s Referrer" get its URL from? Ian Hickson (Wednesday, 23 July)

• Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Mike West (Thursday, 24 July)
  • Re: [REFERRER] Where does "Determine request's Referrer" get its URL from? Jochen Eisinger (Thursday, 24 July)
    • Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Ian Hickson (Thursday, 24 July)
      • Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Mike West (Friday, 25 July)
        • Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Ian Hickson (Friday, 25 July)
• Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Anne van Kesteren (Monday, 28 July)
  • Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Ian Hickson (Monday, 28 July)
    • Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Anne van Kesteren (Tuesday, 29 July)
      • Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Ian Hickson (Tuesday, 29 July)
        • Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Anne van Kesteren (Wednesday, 30 July)
          • Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Ian Hickson (Wednesday, 30 July)
            • Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Anne van Kesteren (Thursday, 31 July)
            • Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Ian Hickson (Thursday, 31 July)

"Why is CSP failing? Trends and Challenges in CSP Adoption" Oda, Terri (Wednesday, 23 July)

[Integrity] HTTP/1.1 reference Julian Reschke (Tuesday, 22 July)

[Integrity] Signature based subresource integrity? Daniel Roesler (Monday, 21 July)

• Re: [Integrity] Signature based subresource integrity? Eduardo Robles Elvira (Tuesday, 22 July)
  • Re: [Integrity] Signature based subresource integrity? Daniel Roesler (Tuesday, 22 July)
    • Re: [Integrity] Signature based subresource integrity? Brad Hill (Tuesday, 22 July)

[CSP] Directive to disallow a response from being used as a Service Worker Jeffrey Yasskin (Monday, 21 July)

• Re: [CSP] Directive to disallow a response from being used as a Service Worker Brian Smith (Monday, 21 July)
  • Re: [CSP] Directive to disallow a response from being used as a Service Worker Jeffrey Yasskin (Tuesday, 22 July)
• Re: [CSP] Directive to disallow a response from being used as a Service Worker Mike West (Tuesday, 22 July)
  • Re: [CSP] Directive to disallow a response from being used as a Service Worker Jeffrey Yasskin (Tuesday, 22 July)
    • Re: [CSP] Directive to disallow a response from being used as a Service Worker Devdatta Akhawe (Thursday, 24 July)
      • Re: [CSP] Directive to disallow a response from being used as a Service Worker Mike West (Thursday, 24 July)
        • Re: [CSP] Directive to disallow a response from being used as a Service Worker Jeffrey Yasskin (Thursday, 24 July)
          • Re: [CSP] Directive to disallow a response from being used as a Service Worker Ilya Grigorik (Thursday, 24 July)
            • Re: [CSP] Directive to disallow a response from being used as a Service Worker Jeffrey Yasskin (Sunday, 27 July)
        • Re: [CSP] Directive to disallow a response from being used as a Service Worker Joshua Peek (Thursday, 24 July)
          • Re: [CSP] Directive to disallow a response from being used as a Service Worker Devdatta Akhawe (Thursday, 24 July)
            • Re: [CSP] Directive to disallow a response from being used as a Service Worker Jeffrey Yasskin (Sunday, 27 July)
          • Re: [CSP] Directive to disallow a response from being used as a Service Worker Anne van Kesteren (Tuesday, 29 July)
            • Re: [CSP] Directive to disallow a response from being used as a Service Worker Brad Hill (Tuesday, 29 July)
            • Re: [CSP] Directive to disallow a response from being used as a Service Worker Anne van Kesteren (Tuesday, 29 July)
            • Re: [CSP] Directive to disallow a response from being used as a Service Worker Brad Hill (Tuesday, 29 July)
            • Re: [CSP] Directive to disallow a response from being used as a Service Worker Anne van Kesteren (Tuesday, 29 July)

CfC to publish FPWD on Referrer Policy. Jochen Eisinger (Monday, 21 July)

• Re: CfC to publish FPWD on Referrer Policy. Brad Hill (Monday, 21 July)
  • Re: CfC to publish FPWD on Referrer Policy. Jochen Eisinger (Tuesday, 22 July)

[CSP] Rule referencing Alex Sexton (Wednesday, 16 July)

• Re: [CSP] Rule referencing John Yeuk Hon Wong (Wednesday, 16 July)
  • Re: [CSP] Rule referencing Neil Matatall (Wednesday, 16 July)

Re: CORS and CSRF protection Monsur Hossain (Wednesday, 16 July)

• Re: CORS and CSRF protection Brad Hill (Wednesday, 16 July)
  • Re: CORS and CSRF protection Michal Zalewski (Wednesday, 16 July)
  • Re: CORS and CSRF protection Monsur Hossain (Thursday, 17 July)

WebAppSec WG Teleconference 16-July-2014 08:00 PDT Daniel Veditz (Wednesday, 16 July)

[webappsec] tomorrow's call Brad Hill (Tuesday, 15 July)

Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Tuesday, 15 July)

Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Tuesday, 15 July)

Re: [Bulk] Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Tuesday, 15 July)

Resource integrity transparency Eduardo Robles Elvira (Tuesday, 15 July)

[CSP] Request to amend bookmarklet/extensions sentence in CSP1.1 Gregory Huczynski (Tuesday, 15 July)

• Re: [CSP] Request to amend bookmarklet/extensions sentence in CSP1.1 Glenn Adams (Tuesday, 15 July)
• Re: [CSP] Request to amend bookmarklet/extensions sentence in CSP1.1 Daniel Veditz (Wednesday, 16 July)

[CSP] Policy direction for bookmarklets/extensions augmenting page-level CSP? Gregory Huczynski (Friday, 11 July)

CSP declarations in html meta tags Caleb Queern (Friday, 11 July)

• Re: CSP declarations in html meta tags Mike West (Friday, 11 July)
  • Re: CSP declarations in html meta tags Caleb Queern (Sunday, 13 July)
    • Re: CSP declarations in html meta tags Mike West (Sunday, 13 July)
      • Re: CSP declarations in html meta tags Caleb Queern (Tuesday, 15 July)

[MIX] Consider all CORS requests "active" Jake Archibald (Thursday, 10 July)

• Re: [MIX] Consider all CORS requests "active" Mike West (Thursday, 10 July)
  • Re: [MIX] Consider all CORS requests "active" Anne van Kesteren (Friday, 11 July)
    • Re: [MIX] Consider all CORS requests "active" Jake Archibald (Friday, 11 July)
• Re: [MIX] Consider all CORS requests "active" Brian Smith (Thursday, 10 July)
  • Re: [MIX] Consider all CORS requests "active" Glenn Adams (Thursday, 10 July)
  • Re: [MIX] Consider all CORS requests "active" Jake Archibald (Friday, 11 July)
    • Re: [MIX] Consider all CORS requests "active" Brian Smith (Tuesday, 22 July)
      • Re: [MIX] Consider all CORS requests "active" Jake Archibald (Tuesday, 22 July)
        • Re: [MIX] Consider all CORS requests "active" Mike West (Tuesday, 22 July)
          • Re: [MIX] Consider all CORS requests "active" Jake Archibald (Tuesday, 22 July)
            • Re: [MIX] Consider all CORS requests "active" Mike West (Tuesday, 22 July)
          • Re: [MIX] Consider all CORS requests "active" Brian Smith (Tuesday, 22 July)

Call for Exclusions: Content Security Policy Level 2 Coralie Mercier (Monday, 7 July)

Mixed Content ED Comments Glenn Adams (Thursday, 3 July)

• Re: Mixed Content ED Comments Mike West (Friday, 4 July)

SRI and CORS Anne van Kesteren (Thursday, 3 July)

• Re: SRI and CORS Mike West (Thursday, 3 July)
  • Re: SRI and CORS Anne van Kesteren (Thursday, 3 July)
    • Re: SRI and CORS Mike West (Thursday, 3 July)
      • Re: SRI and CORS Anne van Kesteren (Thursday, 3 July)
• Re: SRI and CORS Adam Langley (Thursday, 3 July)
  • Re: SRI and CORS Mike West (Thursday, 3 July)
    • Re: SRI and CORS Anne van Kesteren (Thursday, 3 July)
      • Re: SRI and CORS Mike West (Thursday, 3 July)
        • Re: SRI and CORS Anne van Kesteren (Thursday, 3 July)
          • Re: SRI and CORS Mike West (Thursday, 3 July)
          • Re: SRI and CORS Frederik Braun (Thursday, 3 July)
            • Re: SRI and CORS Anne van Kesteren (Thursday, 3 July)
            • Re: SRI and CORS Brad Hill (Wednesday, 16 July)
            • Re: SRI and CORS Anne van Kesteren (Thursday, 17 July)
            • Re: SRI and CORS Frederik Braun (Monday, 21 July)
            • Re: SRI and CORS Anne van Kesteren (Sunday, 27 July)

Re: [MIX] blob URLs Mike West (Thursday, 3 July)

• Re: [MIX] blob URLs Anne van Kesteren (Thursday, 3 July)

Re: CSP 1.1 frameancestors and blobs Mike West (Thursday, 3 July)

• Re: CSP 1.1 frameancestors and blobs Anne van Kesteren (Thursday, 3 July)
  • Re: CSP 1.1 frameancestors and blobs Mike West (Thursday, 3 July)

[SRI] What should we Hash Redux Devdatta Akhawe (Wednesday, 2 July)

• Re: [SRI] What should we Hash Redux Anne van Kesteren (Thursday, 3 July)
  • Re: [SRI] What should we Hash Redux Devdatta Akhawe (Thursday, 3 July)
    • Re: [SRI] What should we Hash Redux Anne van Kesteren (Thursday, 3 July)
      • Re: [SRI] What should we Hash Redux Devdatta Akhawe (Thursday, 3 July)
        • Re: [SRI] What should we Hash Redux Anne van Kesteren (Thursday, 3 July)

Re: PFWG comments on User Interface Security Directives for Content Security Policy Michael Cooper (Wednesday, 2 July)

• Re: PFWG comments on User Interface Security Directives for Content Security Policy Brad Hill (Wednesday, 2 July)

Mixed Content Spec feedback David Walp (Wednesday, 2 July)

• Re: Mixed Content Spec feedback Anne van Kesteren (Wednesday, 2 July)
  • Re: Mixed Content Spec feedback Mike West (Wednesday, 2 July)
• Re: Mixed Content Spec feedback Daniel Kahn Gillmor (Wednesday, 2 July)
• RE: Mixed Content Spec feedback David Walp (Thursday, 3 July)

Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Yoav Weiss (Tuesday, 1 July)

• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Yoav Weiss (Wednesday, 2 July)
  • Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Anne van Kesteren (Wednesday, 2 July)

WebAppSec WG Teleconference 02-July-2014 08:00 PDT Brad Hill (Tuesday, 1 July)

Re: CSP wildcard host matching Frederik Braun (Tuesday, 1 July)

• Re: CSP wildcard host matching Anne van Kesteren (Tuesday, 1 July)
  • Re: CSP wildcard host matching Mike West (Tuesday, 1 July)

Re: Isolated Web Components for a more secure web Eduardo Robles Elvira (Tuesday, 1 July)

• Re: Isolated Web Components for a more secure web Anne van Kesteren (Tuesday, 1 July)
• Re: Isolated Web Components for a more secure web Eduardo' Vela\ (Tuesday, 1 July)

Re: CSP: 'no-external-navigation'? pamela fox (Monday, 30 June)

• Re: CSP: 'no-external-navigation'? pamela fox (Monday, 7 July)
  • Re: CSP: 'no-external-navigation'? Michal Zalewski (Monday, 7 July)
    • Re: CSP: 'no-external-navigation'? Deian Stefan (Monday, 7 July)
      • Re: CSP: 'no-external-navigation'? Mike West (Monday, 7 July)

Last message date: Thursday, 31 July 2014 15:15:04 UTC