public-webappsec@w3.org from June 2014 by date

Monday, 30 June 2014

• Re: CSP: 'no-external-navigation'? Michal Zalewski
• Re: PFWG comments on User Interface Security Directives for Content Security Policy Brad Hill
• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Anne van Kesteren
• Re: CSP: 'no-external-navigation'? Mike West
• Re: CSP: 'no-external-navigation'? Michal Zalewski
• CSP: 'no-external-navigation'? Mike West
• Re: CSP wildcard host matching Brad Hill
• Re: Isolated Web Components for a more secure web Eduardo' Vela\
• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Mike West
• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Anne van Kesteren
• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Mike West
• Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Anne van Kesteren
• [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Mike West

Saturday, 28 June 2014

• Isolated Web Components for a more secure web Eduardo Robles Elvira

Monday, 30 June 2014

• Re: CSP wildcard host matching Giorgio Maone
• Re: Proposal: Prefer secure origins for powerful new web platform features Sigbjørn Vik
• Re: CSP wildcard host matching Mike West

Sunday, 29 June 2014

• Re: CSP wildcard host matching Hill, Brad
• Re: CSP wildcard host matching Anne van Kesteren
• Re: CSP wildcard host matching Mike West
• Re: CSP wildcard host matching Anne van Kesteren
• Re: CSP wildcard host matching Mike West

Saturday, 28 June 2014

• [MIX] blob URLs Anne van Kesteren
• Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features Harald Alvestrand
• Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features PhistucK
• Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features Peter Kasting
• Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features Ryan Sleevi
• Re: [blink-dev] Re: Proposal: Prefer secure origins for powerful new web platform features Peter Kasting
• Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features Peter Kasting
• Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer

Friday, 27 June 2014

• Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer
• Re: Proposal: Prefer secure origins for powerful new web platform features Michal Zalewski
• Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer
• Re: Proposal: Prefer secure origins for powerful new web platform features Yan Zhu
• Re: Proposal: Prefer secure origins for powerful new web platform features Michal Zalewski
• Proposal: Prefer secure origins for powerful new web platform features Chris Palmer

Thursday, 26 June 2014

• Re: [CSP] Additional report field: report-only: "true|false" Neil Matatall
• Re: [CSP] Additional report field: report-only: "true|false" Mike West
• Re: [CSP] Additional report field: report-only: "true|false" Devdatta Akhawe
• [CSP] Additional report field: report-only: "true|false" Neil Matatall

Wednesday, 25 June 2014

• Re: CfC to publish FPWD of Mixed Content. Hill, Brad
• Re: Reducing reporting noise Glenn Adams
• Re: Reducing reporting noise Mike West
• CfC to publish FPWD of Mixed Content. Mike West

Tuesday, 24 June 2014

• Re: Reducing reporting noise Glenn Adams
• Re: CfC to publish a LCWD of CSP 1.1 Hill, Brad
• Re: Naming things: CSP 1.1 -> CSP level 2? Glenn Adams
• Re: Naming things: CSP 1.1 -> CSP level 2? Anne van Kesteren
• Re: Naming things: CSP 1.1 -> CSP level 2? Brad Hill
• Re: Naming things: CSP 1.1 -> CSP level 2? Anne van Kesteren
• Re: Naming things: CSP 1.1 -> CSP level 2? Hill, Brad
• Re: CfC to publish a LCWD of CSP 1.1 Anne van Kesteren
• Re: CfC to publish a LCWD of CSP 1.1 Mike West
• Re: Naming things: CSP 1.1 -> CSP level 2? Glenn Adams
• Naming things: CSP 1.1 -> CSP level 2? Mike West
• Re: CfC to publish a LCWD of CSP 1.1 Mike West

Friday, 20 June 2014

• Re: Reducing reporting noise Daniel Veditz
• Re: Reducing reporting noise Chris Palmer
• Re: Reducing reporting noise Joel Weinberger
• Re: Reducing reporting noise Hill, Brad
• Re: Reducing reporting noise Devdatta Akhawe
• Re: Reducing reporting noise Daniel Veditz
• Re: CfC to publish a LCWD of CSP 1.1 Daniel Veditz
• Re: CfC to publish a LCWD of CSP 1.1 Brad Hill
• Re: Reducing reporting noise Glenn Adams
• Re: Reducing reporting noise Mike West
• Re: Reducing reporting noise Mike West
• Re: CfC to publish a LCWD of CSP 1.1 Mike West
• Re: Reducing reporting noise Neil Matatall

Thursday, 19 June 2014

• Re: Reducing reporting noise Glenn Adams
• Reducing reporting noise Daniel Veditz
• PFWG comments on User Interface Security Directives for Content Security Policy Michael Cooper

Wednesday, 18 June 2014

• Re: CfC to publish a LCWD of CSP 1.1 Brad Hill
• webappsec-ISSUE-62: is reflected-xss at risk? Web Application Security Working Group Issue Tracker
• ISSUE-61: Should we mark referrer and reflected-xss as at risk in csp 1.1 lcwd? Web Application Security Working Group Issue Tracker
• Re: CSP: Problems with referrer and reflected-xss Daniel Veditz

Tuesday, 17 June 2014

• Re: Regrets ( [webappsec] WebAppSec WG Teleconference Agenda 18-June-2014 ) Giorgio Maone
• [webappsec] WebAppSec WG Teleconference Agenda 18-June-2014 Brad Hill
• Call for Exclusions (Update): Subresource Integrity Coralie Mercier
• Re: CSP: Problems with referrer and reflected-xss Mike West

Monday, 16 June 2014

• Re: CSP: Problems with referrer and reflected-xss Chris Palmer
• Re: [integrity] The noncanonical-src attribute Simon Pieters
• Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) Mike West
• Re: CSP: Problems with referrer and reflected-xss Brian Smith
• Re: CSP: Problems with referrer and reflected-xss Brian Smith
• Re: CSP: Problems with referrer and reflected-xss Mike West

Sunday, 15 June 2014

• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Jesper Kristensen

Friday, 13 June 2014

• Re: [integrity] The noncanonical-src attribute Hill, Brad
• Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) Chris Palmer
• Re: [integrity] The noncanonical-src attribute Frederik Braun
• [integrity] The noncanonical-src attribute Simon Pieters
• Re: CSP: Problems with referrer and reflected-xss Brad Hill
• Re: CSP: Problems with referrer and reflected-xss Brad Hill
• Re: CSP: Problems with referrer and reflected-xss Glenn Adams
• Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) Brian Smith
• CSP: Problems with referrer and reflected-xss Brian Smith

Thursday, 12 June 2014

• Re: Header Policy Vs. Meta tag policy Daniel Veditz
• Re: Standardize referrer policy Sid Stamm
• Re: Standardize referrer policy Mike West
• Re: Standardize referrer policy Mike West
• Re: Standardize referrer policy Anne van Kesteren
• Re: Standardize referrer policy Mike West
• Re: Standardize referrer policy Anne van Kesteren
• Re: Standardize referrer policy Anne van Kesteren

Wednesday, 11 June 2014

• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Chris Palmer
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Chris Palmer

Thursday, 12 June 2014

• Re: Header Policy Vs. Meta tag policy Mike West
• Re: Standardize referrer policy Mike West

Wednesday, 11 June 2014

• Re: Standardize referrer policy Sid Stamm
• RE: Standardize referrer policy Hill, Brad
• Re: Standardize referrer policy Sid Stamm
• Re: Header Policy Vs. Meta tag policy Devdatta Akhawe
• Re: Standardize referrer policy Jochen Eisinger
• Re: Standardize referrer policy John Kemp
• Re: Standardize referrer policy Jochen Eisinger
• Re: Standardize referrer policy John Kemp
• Re: Standardize referrer policy Mike West
• Standardize referrer policy Jochen Eisinger
• Re: Header Policy Vs. Meta tag policy Mike West
• Re: Header Policy Vs. Meta tag policy Devdatta Akhawe
• Re: Header Policy Vs. Meta tag policy Daniel Veditz
• [Bug 26061] New: Improve consistency with CSP 1.1 w.r.t. add-on/extension semantics. bugzilla@jessica.w3.org
• Re: CfC to publish a LCWD of CSP 1.1 Glenn Adams
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Katharine Berry
• Re: CfC to publish a LCWD of CSP 1.1 Anne van Kesteren
• Re: CfC to publish a LCWD of CSP 1.1 Mike West
• Re: CfC to publish a LCWD of CSP 1.1 Mike West
• Re: CfC to publish a LCWD of CSP 1.1 Sigbjørn Vik
• Re: CfC to publish a LCWD of CSP 1.1 Mike West
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Mike West
• Re: CfC to publish a LCWD of CSP 1.1 Anne van Kesteren
• Re: CfC to publish a LCWD of CSP 1.1 Sigbjørn Vik
• CfC to publish a LCWD of CSP 1.1 Mike West
• Re: Header Policy Vs. Meta tag policy Mike West
• Re: CSP: Block redirects by default? Mike West
• Re: [MIX]: "Assumed"/"Proven" Terminology. Mike West
• Re: Header Policy Vs. Meta tag policy Daniel Veditz
• Re: Header Policy Vs. Meta tag policy Mike West

Tuesday, 10 June 2014

• Re: Header Policy Vs. Meta tag policy Giorgio Maone
• Re: Header Policy Vs. Meta tag policy Oda, Terri
• Re: Header Policy Vs. Meta tag policy Tanvi Vyas
• Re: [MIX]: "Assumed"/"Proven" Terminology. Zack Weinberg
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Zack Weinberg
• Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) Mike West
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Katharine Berry
• Re: Header Policy Vs. Meta tag policy Mike West
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Mike West
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Mike West
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Katharine Berry

Monday, 9 June 2014

• Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) Brian Smith
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Zack Weinberg
• Header Policy Vs. Meta tag policy Kevin Hill

Friday, 6 June 2014

• Header Policy Vs. Meta tag policy Kevin Hill
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Katharine Berry
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Mike West
• Re: CSP sandboxing and workers Mike West
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Katharine Berry
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Mike West
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Katharine Berry
• [MIX]: "Assumed"/"Proven" Terminology. (Re: [MIX]: Expand scope beyond TLS/non-TLS) Mike West
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Zack Weinberg
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Jeffrey Walton
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Zack Weinberg

Thursday, 5 June 2014

• Re: CSP sandboxing and workers Oda, Terri
• Re: Discuss SVG and CSP for the June 5 SVG teleconference Dirk Schulze
• Re: Discuss SVG and CSP for the June 5 SVG teleconference Anne van Kesteren
• Re: Discuss SVG and CSP for the June 5 SVG teleconference Dirk Schulze
• Re: CSP: Block redirects by default? Joshua Peek
• Re: CSP: Block redirects by default? Neil Matatall
• Re: CSP: Block redirects by default? Mike West
• Re: CSP: Block redirects by default? Joshua Peek
• RE: CSP sandboxing and workers Hill, Brad
• Re: CSP sandboxing and workers Mike West
• Re: Remove paths from CSP? Sigbjørn Vik
• Re: Remove paths from CSP? Mike West
• Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Mike West
• Re: Remove paths from CSP? Sigbjørn Vik
• Re: [MIX] localhost should not be trusted Mike West

Wednesday, 4 June 2014

• [MIX] localhost should not be trusted Zack Weinberg

Thursday, 5 June 2014

• CSP: Block redirects by default? Mike West
• Re: Remove paths from CSP? Mike West
• Re: [CSP] enforcement on non text-html resources Anne van Kesteren
• Re: [CSP] enforcement on non text-html resources Mike West
• RE: Agenda, 5 June 2014 SVG WG / WebAppSec WG telcon David Dailey
• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 Rebecca Hauck

Wednesday, 4 June 2014

• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 James Graham
• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 Odin Hørthe Omdal
• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 Hill, Brad
• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 Odin Hørthe Omdal
• Re: CSP sandboxing and workers Brad Hill
• Re: Agenda, 5 June 2014 SVG WG / WebAppSec WG telcon Hill, Brad
• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 Hill, Brad
• Re: [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 Odin Hørthe Omdal
• [webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 Brad Hill
• Re: [CSP] enforcement on non text-html resources Anne van Kesteren
• [CSP] enforcement on non text-html resources Neil Matatall
• Re: CSP sandboxing and workers Brad Hill
• Re: Remove paths from CSP? Brad Hill
• Re: [MIX] Comments on draft Mixed Content spec Brad Hill
• Re: CSP, Fetch, and frame-ancestors Mike West
• Re: [MIX] Comments on draft Mixed Content spec Mike West
• Re: CSP, Fetch, and frame-ancestors Anne van Kesteren
• Re: CSP, Fetch, and frame-ancestors Mike West
• [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) Mike West
• Re: CSP, Fetch, and frame-ancestors Anne van Kesteren
• [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Mike West
• Re: CSP, Fetch, and frame-ancestors Mike West
• Re: CSP, Fetch, and frame-ancestors Anne van Kesteren
• Re: CSP, Fetch, and frame-ancestors Mike West
• Agenda, 5 June 2014 SVG WG / WebAppSec WG telcon Erik Dahlström
• Re: Discuss SVG and CSP for the June 5 SVG teleconference Erik Dahlström
• Re: CSP, Fetch, and frame-ancestors Anne van Kesteren
• Re: CSP, Fetch, and frame-ancestors Mike West
• [MIX] Comments on draft Mixed Content spec Tanvi Vyas
• Re: CSP, Fetch, and frame-ancestors Brad Hill
• Discuss SVG and CSP for the June 5 SVG teleconference Hill, Brad

Tuesday, 3 June 2014

• Re: "Mixed Content" draft up for review. Brian Smith
• [webappsec] Teleconference Agenda: 04-Jun-2014 Brad Hill
• Re: "Mixed Content" draft up for review. Brian Smith
• Re: Remove paths from CSP? Sigbjørn Vik
• Re: CORS and null Mike West
• Re: CORS and null Anne van Kesteren
• Re: CORS and null Mike West
• Re: Remove paths from CSP? Mike West
• Re: CSP sandboxing and workers Mike West
• [MIX]: 'allow-from' header? (Re: "Mixed Content" draft up for review.) Mike West
• [MIX] Checking parent/top (Re: "Mixed Content" draft up for review.) Mike West
• Re: "Mixed Content" draft up for review - HSTS interworking =JeffH
• Re: "Mixed Content" draft up for review. Anne van Kesteren
• Re: CSP sandboxing and workers Oda, Terri
• Re: "Mixed Content" draft up for review - HSTS primary purpose =JeffH

Monday, 2 June 2014

• Re: "Mixed Content" draft up for review. Tanvi Vyas
• Re: "Mixed Content" draft up for review. Yan Zhu
• Re: "Mixed Content" draft up for review. Tanvi Vyas
• Re: "Mixed Content" draft up for review. Devdatta Akhawe
• Re: "Mixed Content" draft up for review. Daniel Veditz
• Re: CSP sandboxing and workers Brad Hill
• Re: CSP sandboxing and workers Anne van Kesteren
• Re: CSP sandboxing and workers Brad Hill
• Re: "Mixed Content" draft up for review. Ryan Sleevi
• Re: "Mixed Content" draft up for review. Devdatta Akhawe
• Re: "Mixed Content" draft up for review. Ryan Sleevi
• Re: "Mixed Content" draft up for review. Mike West
• Re: "Mixed Content" draft up for review. Anne van Kesteren
• Re: "Mixed Content" draft up for review. Ryan Sleevi
• Re: "Mixed Content" draft up for review. Devdatta Akhawe
• Re: Remove paths from CSP? Sigbjørn Vik
• Re: "Mixed Content" draft up for review. Mike West
• Re: "Mixed Content" draft up for review. Mike West
• Re: "Mixed Content" draft up for review. Ryan Sleevi
• Re: Remove paths from CSP? Mike West
• Re: "Mixed Content" draft up for review. Anne van Kesteren
• Re: "Mixed Content" draft up for review. Mike West
• Re: "Mixed Content" draft up for review. Anne van Kesteren
• CORS and null Anne van Kesteren
• Re: Remove paths from CSP? Sigbjørn Vik

Sunday, 1 June 2014

• Re: CSP sandboxing and workers Mike West
• CSP sandboxing and workers Anne van Kesteren

Last message date: Monday, 30 June 2014 23:11:37 UTC