public-webappsec@w3.org from June 2014 by author

=JeffH

• Re: "Mixed Content" draft up for review - HSTS interworking (Tuesday, 3 June)
• Re: "Mixed Content" draft up for review - HSTS primary purpose (Tuesday, 3 June)

Anne van Kesteren

• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? (Monday, 30 June)
• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? (Monday, 30 June)
• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? (Monday, 30 June)
• Re: CSP wildcard host matching (Sunday, 29 June)
• Re: CSP wildcard host matching (Sunday, 29 June)
• [MIX] blob URLs (Saturday, 28 June)
• Re: Naming things: CSP 1.1 -> CSP level 2? (Tuesday, 24 June)
• Re: Naming things: CSP 1.1 -> CSP level 2? (Tuesday, 24 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Tuesday, 24 June)
• Re: Standardize referrer policy (Thursday, 12 June)
• Re: Standardize referrer policy (Thursday, 12 June)
• Re: Standardize referrer policy (Thursday, 12 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Wednesday, 11 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Wednesday, 11 June)
• Re: Discuss SVG and CSP for the June 5 SVG teleconference (Thursday, 5 June)
• Re: [CSP] enforcement on non text-html resources (Thursday, 5 June)
• Re: [CSP] enforcement on non text-html resources (Wednesday, 4 June)
• Re: CSP, Fetch, and frame-ancestors (Wednesday, 4 June)
• Re: CSP, Fetch, and frame-ancestors (Wednesday, 4 June)
• Re: CSP, Fetch, and frame-ancestors (Wednesday, 4 June)
• Re: CSP, Fetch, and frame-ancestors (Wednesday, 4 June)
• Re: CORS and null (Tuesday, 3 June)
• Re: "Mixed Content" draft up for review. (Tuesday, 3 June)
• Re: CSP sandboxing and workers (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• CORS and null (Monday, 2 June)
• CSP sandboxing and workers (Sunday, 1 June)

Brad Hill

• Re: PFWG comments on User Interface Security Directives for Content Security Policy (Monday, 30 June)
• Re: CSP wildcard host matching (Monday, 30 June)
• Re: Naming things: CSP 1.1 -> CSP level 2? (Tuesday, 24 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Friday, 20 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Wednesday, 18 June)
• [webappsec] WebAppSec WG Teleconference Agenda 18-June-2014 (Tuesday, 17 June)
• Re: CSP: Problems with referrer and reflected-xss (Friday, 13 June)
• Re: CSP: Problems with referrer and reflected-xss (Friday, 13 June)
• Re: CSP sandboxing and workers (Wednesday, 4 June)
• [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 (Wednesday, 4 June)
• Re: CSP sandboxing and workers (Wednesday, 4 June)
• Re: Remove paths from CSP? (Wednesday, 4 June)
• Re: [MIX] Comments on draft Mixed Content spec (Wednesday, 4 June)
• Re: CSP, Fetch, and frame-ancestors (Wednesday, 4 June)
• [webappsec] Teleconference Agenda: 04-Jun-2014 (Tuesday, 3 June)
• Re: CSP sandboxing and workers (Monday, 2 June)
• Re: CSP sandboxing and workers (Monday, 2 June)

Brian Smith

• Re: CSP: Problems with referrer and reflected-xss (Monday, 16 June)
• Re: CSP: Problems with referrer and reflected-xss (Monday, 16 June)
• Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) (Friday, 13 June)
• CSP: Problems with referrer and reflected-xss (Friday, 13 June)
• Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) (Monday, 9 June)
• Re: "Mixed Content" draft up for review. (Tuesday, 3 June)
• Re: "Mixed Content" draft up for review. (Tuesday, 3 June)

bugzilla@jessica.w3.org

• [Bug 26061] New: Improve consistency with CSP 1.1 w.r.t. add-on/extension semantics. (Wednesday, 11 June)

Chris Palmer

• Re: Proposal: Prefer secure origins for powerful new web platform features (Saturday, 28 June)
• Re: Proposal: Prefer secure origins for powerful new web platform features (Friday, 27 June)
• Re: Proposal: Prefer secure origins for powerful new web platform features (Friday, 27 June)
• Proposal: Prefer secure origins for powerful new web platform features (Friday, 27 June)
• Re: Reducing reporting noise (Friday, 20 June)
• Re: CSP: Problems with referrer and reflected-xss (Monday, 16 June)
• Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) (Friday, 13 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Wednesday, 11 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Wednesday, 11 June)

Coralie Mercier

• Call for Exclusions (Update): Subresource Integrity (Tuesday, 17 June)

Daniel Veditz

• Re: Reducing reporting noise (Friday, 20 June)
• Re: Reducing reporting noise (Friday, 20 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Friday, 20 June)
• Reducing reporting noise (Thursday, 19 June)
• Re: CSP: Problems with referrer and reflected-xss (Wednesday, 18 June)
• Re: Header Policy Vs. Meta tag policy (Thursday, 12 June)
• Re: Header Policy Vs. Meta tag policy (Wednesday, 11 June)
• Re: Header Policy Vs. Meta tag policy (Wednesday, 11 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)

David Dailey

• RE: Agenda, 5 June 2014 SVG WG / WebAppSec WG telcon (Thursday, 5 June)

Devdatta Akhawe

• Re: [CSP] Additional report field: report-only: "true|false" (Thursday, 26 June)
• Re: Reducing reporting noise (Friday, 20 June)
• Re: Header Policy Vs. Meta tag policy (Wednesday, 11 June)
• Re: Header Policy Vs. Meta tag policy (Wednesday, 11 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)

Dirk Schulze

• Re: Discuss SVG and CSP for the June 5 SVG teleconference (Thursday, 5 June)
• Re: Discuss SVG and CSP for the June 5 SVG teleconference (Thursday, 5 June)

Eduardo Robles Elvira

• Isolated Web Components for a more secure web (Saturday, 28 June)

Eduardo' Vela\

• Re: Isolated Web Components for a more secure web (Monday, 30 June)

Erik Dahlström

• Agenda, 5 June 2014 SVG WG / WebAppSec WG telcon (Wednesday, 4 June)
• Re: Discuss SVG and CSP for the June 5 SVG teleconference (Wednesday, 4 June)

Frederik Braun

• Re: [integrity] The noncanonical-src attribute (Friday, 13 June)

Giorgio Maone

• Re: CSP wildcard host matching (Monday, 30 June)
• Re: Regrets ( [webappsec] WebAppSec WG Teleconference Agenda 18-June-2014 ) (Tuesday, 17 June)
• Re: Header Policy Vs. Meta tag policy (Tuesday, 10 June)

Glenn Adams

• Re: Reducing reporting noise (Wednesday, 25 June)
• Re: Reducing reporting noise (Tuesday, 24 June)
• Re: Naming things: CSP 1.1 -> CSP level 2? (Tuesday, 24 June)
• Re: Naming things: CSP 1.1 -> CSP level 2? (Tuesday, 24 June)
• Re: Reducing reporting noise (Friday, 20 June)
• Re: Reducing reporting noise (Thursday, 19 June)
• Re: CSP: Problems with referrer and reflected-xss (Friday, 13 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Wednesday, 11 June)

Harald Alvestrand

• Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features (Saturday, 28 June)

Hill, Brad

• Re: CSP wildcard host matching (Sunday, 29 June)
• Re: CfC to publish FPWD of Mixed Content. (Wednesday, 25 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Tuesday, 24 June)
• Re: Naming things: CSP 1.1 -> CSP level 2? (Tuesday, 24 June)
• Re: Reducing reporting noise (Friday, 20 June)
• Re: [integrity] The noncanonical-src attribute (Friday, 13 June)
• RE: Standardize referrer policy (Wednesday, 11 June)
• RE: CSP sandboxing and workers (Thursday, 5 June)
• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 (Wednesday, 4 June)
• Re: Agenda, 5 June 2014 SVG WG / WebAppSec WG telcon (Wednesday, 4 June)
• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 (Wednesday, 4 June)
• Discuss SVG and CSP for the June 5 SVG teleconference (Wednesday, 4 June)

James Graham

• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 (Wednesday, 4 June)

Jeffrey Walton

• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Friday, 6 June)

Jesper Kristensen

• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Sunday, 15 June)

Jochen Eisinger

• Re: Standardize referrer policy (Wednesday, 11 June)
• Re: Standardize referrer policy (Wednesday, 11 June)
• Standardize referrer policy (Wednesday, 11 June)

Joel Weinberger

• Re: Reducing reporting noise (Friday, 20 June)

John Kemp

• Re: Standardize referrer policy (Wednesday, 11 June)
• Re: Standardize referrer policy (Wednesday, 11 June)

Joshua Peek

• Re: CSP: Block redirects by default? (Thursday, 5 June)
• Re: CSP: Block redirects by default? (Thursday, 5 June)

Katharine Berry

• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Wednesday, 11 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Tuesday, 10 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Tuesday, 10 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Friday, 6 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Friday, 6 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Friday, 6 June)

Kevin Hill

• Header Policy Vs. Meta tag policy (Monday, 9 June)
• Header Policy Vs. Meta tag policy (Friday, 6 June)

Michael Cooper

• PFWG comments on User Interface Security Directives for Content Security Policy (Thursday, 19 June)

Michal Zalewski

• Re: CSP: 'no-external-navigation'? (Monday, 30 June)
• Re: CSP: 'no-external-navigation'? (Monday, 30 June)
• Re: Proposal: Prefer secure origins for powerful new web platform features (Friday, 27 June)
• Re: Proposal: Prefer secure origins for powerful new web platform features (Friday, 27 June)

Mike West

• Re: CSP: 'no-external-navigation'? (Monday, 30 June)
• CSP: 'no-external-navigation'? (Monday, 30 June)
• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? (Monday, 30 June)
• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? (Monday, 30 June)
• [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? (Monday, 30 June)
• Re: CSP wildcard host matching (Monday, 30 June)
• Re: CSP wildcard host matching (Sunday, 29 June)
• Re: CSP wildcard host matching (Sunday, 29 June)
• Re: [CSP] Additional report field: report-only: "true|false" (Thursday, 26 June)
• Re: Reducing reporting noise (Wednesday, 25 June)
• CfC to publish FPWD of Mixed Content. (Wednesday, 25 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Tuesday, 24 June)
• Naming things: CSP 1.1 -> CSP level 2? (Tuesday, 24 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Tuesday, 24 June)
• Re: Reducing reporting noise (Friday, 20 June)
• Re: Reducing reporting noise (Friday, 20 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Friday, 20 June)
• Re: CSP: Problems with referrer and reflected-xss (Tuesday, 17 June)
• Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) (Monday, 16 June)
• Re: CSP: Problems with referrer and reflected-xss (Monday, 16 June)
• Re: Standardize referrer policy (Thursday, 12 June)
• Re: Standardize referrer policy (Thursday, 12 June)
• Re: Standardize referrer policy (Thursday, 12 June)
• Re: Header Policy Vs. Meta tag policy (Thursday, 12 June)
• Re: Standardize referrer policy (Thursday, 12 June)
• Re: Standardize referrer policy (Wednesday, 11 June)
• Re: Header Policy Vs. Meta tag policy (Wednesday, 11 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Wednesday, 11 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Wednesday, 11 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Wednesday, 11 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Wednesday, 11 June)
• CfC to publish a LCWD of CSP 1.1 (Wednesday, 11 June)
• Re: Header Policy Vs. Meta tag policy (Wednesday, 11 June)
• Re: CSP: Block redirects by default? (Wednesday, 11 June)
• Re: [MIX]: "Assumed"/"Proven" Terminology. (Wednesday, 11 June)
• Re: Header Policy Vs. Meta tag policy (Wednesday, 11 June)
• Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) (Tuesday, 10 June)
• Re: Header Policy Vs. Meta tag policy (Tuesday, 10 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Tuesday, 10 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Tuesday, 10 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Friday, 6 June)
• Re: CSP sandboxing and workers (Friday, 6 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Friday, 6 June)
• [MIX]: "Assumed"/"Proven" Terminology. (Re: [MIX]: Expand scope beyond TLS/non-TLS) (Friday, 6 June)
• Re: CSP: Block redirects by default? (Thursday, 5 June)
• Re: CSP sandboxing and workers (Thursday, 5 June)
• Re: Remove paths from CSP? (Thursday, 5 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Thursday, 5 June)
• Re: [MIX] localhost should not be trusted (Thursday, 5 June)
• CSP: Block redirects by default? (Thursday, 5 June)
• Re: Remove paths from CSP? (Thursday, 5 June)
• Re: [CSP] enforcement on non text-html resources (Thursday, 5 June)
• Re: CSP, Fetch, and frame-ancestors (Wednesday, 4 June)
• Re: [MIX] Comments on draft Mixed Content spec (Wednesday, 4 June)
• Re: CSP, Fetch, and frame-ancestors (Wednesday, 4 June)
• [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) (Wednesday, 4 June)
• [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Wednesday, 4 June)
• Re: CSP, Fetch, and frame-ancestors (Wednesday, 4 June)
• Re: CSP, Fetch, and frame-ancestors (Wednesday, 4 June)
• Re: CSP, Fetch, and frame-ancestors (Wednesday, 4 June)
• Re: CORS and null (Tuesday, 3 June)
• Re: CORS and null (Tuesday, 3 June)
• Re: Remove paths from CSP? (Tuesday, 3 June)
• Re: CSP sandboxing and workers (Tuesday, 3 June)
• [MIX]: 'allow-from' header? (Re: "Mixed Content" draft up for review.) (Tuesday, 3 June)
• [MIX] Checking parent/top (Re: "Mixed Content" draft up for review.) (Tuesday, 3 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: Remove paths from CSP? (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: CSP sandboxing and workers (Sunday, 1 June)

Neil Matatall

• Re: [CSP] Additional report field: report-only: "true|false" (Thursday, 26 June)
• [CSP] Additional report field: report-only: "true|false" (Thursday, 26 June)
• Re: Reducing reporting noise (Friday, 20 June)
• Re: CSP: Block redirects by default? (Thursday, 5 June)
• [CSP] enforcement on non text-html resources (Wednesday, 4 June)

Oda, Terri

• Re: Header Policy Vs. Meta tag policy (Tuesday, 10 June)
• Re: CSP sandboxing and workers (Thursday, 5 June)
• Re: CSP sandboxing and workers (Tuesday, 3 June)

Odin Hørthe Omdal

• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 (Wednesday, 4 June)
• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 (Wednesday, 4 June)
• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 (Wednesday, 4 June)

Peter Kasting

• Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features (Saturday, 28 June)
• Re: [blink-dev] Re: Proposal: Prefer secure origins for powerful new web platform features (Saturday, 28 June)
• Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features (Saturday, 28 June)

PhistucK

• Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features (Saturday, 28 June)

Rebecca Hauck

• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 (Thursday, 5 June)

Ryan Sleevi

• Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features (Saturday, 28 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)

Sid Stamm

• Re: Standardize referrer policy (Thursday, 12 June)
• Re: Standardize referrer policy (Wednesday, 11 June)
• Re: Standardize referrer policy (Wednesday, 11 June)

Sigbjørn Vik

• Re: Proposal: Prefer secure origins for powerful new web platform features (Monday, 30 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Wednesday, 11 June)
• Re: CfC to publish a LCWD of CSP 1.1 (Wednesday, 11 June)
• Re: Remove paths from CSP? (Thursday, 5 June)
• Re: Remove paths from CSP? (Thursday, 5 June)
• Re: Remove paths from CSP? (Tuesday, 3 June)
• Re: Remove paths from CSP? (Monday, 2 June)
• Re: Remove paths from CSP? (Monday, 2 June)

Simon Pieters

• Re: [integrity] The noncanonical-src attribute (Monday, 16 June)
• [integrity] The noncanonical-src attribute (Friday, 13 June)

Tanvi Vyas

• Re: Header Policy Vs. Meta tag policy (Tuesday, 10 June)
• [MIX] Comments on draft Mixed Content spec (Wednesday, 4 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)

Web Application Security Working Group Issue Tracker

• webappsec-ISSUE-62: is reflected-xss at risk? (Wednesday, 18 June)
• ISSUE-61: Should we mark referrer and reflected-xss as at risk in csp 1.1 lcwd? (Wednesday, 18 June)

Yan Zhu

• Re: Proposal: Prefer secure origins for powerful new web platform features (Friday, 27 June)
• Re: "Mixed Content" draft up for review. (Monday, 2 June)

Zack Weinberg

• Re: [MIX]: "Assumed"/"Proven" Terminology. (Tuesday, 10 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Tuesday, 10 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Monday, 9 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Friday, 6 June)
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) (Friday, 6 June)
• [MIX] localhost should not be trusted (Wednesday, 4 June)

Last message date: Monday, 30 June 2014 23:11:37 UTC