public-webappsec@w3.org from June 2014 by thread

CSP: 'no-external-navigation'? Mike West (Monday, 30 June)

[MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Mike West (Monday, 30 June)

Isolated Web Components for a more secure web Eduardo Robles Elvira (Saturday, 28 June)

Re: CSP wildcard host matching Mike West (Sunday, 29 June)

[MIX] blob URLs Anne van Kesteren (Saturday, 28 June)

Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Friday, 27 June)

[CSP] Additional report field: report-only: "true|false" Neil Matatall (Thursday, 26 June)

CfC to publish FPWD of Mixed Content. Mike West (Wednesday, 25 June)

Naming things: CSP 1.1 -> CSP level 2? Mike West (Tuesday, 24 June)

Reducing reporting noise Daniel Veditz (Thursday, 19 June)

PFWG comments on User Interface Security Directives for Content Security Policy Michael Cooper (Thursday, 19 June)

webappsec-ISSUE-62: is reflected-xss at risk? Web Application Security Working Group Issue Tracker (Wednesday, 18 June)

ISSUE-61: Should we mark referrer and reflected-xss as at risk in csp 1.1 lcwd? Web Application Security Working Group Issue Tracker (Wednesday, 18 June)

[webappsec] WebAppSec WG Teleconference Agenda 18-June-2014 Brad Hill (Tuesday, 17 June)

Call for Exclusions (Update): Subresource Integrity Coralie Mercier (Tuesday, 17 June)

[integrity] The noncanonical-src attribute Simon Pieters (Friday, 13 June)

CSP: Problems with referrer and reflected-xss Brian Smith (Friday, 13 June)

Standardize referrer policy Jochen Eisinger (Wednesday, 11 June)

[Bug 26061] New: Improve consistency with CSP 1.1 w.r.t. add-on/extension semantics. bugzilla@jessica.w3.org (Wednesday, 11 June)

CfC to publish a LCWD of CSP 1.1 Mike West (Wednesday, 11 June)

Re: [MIX]: "Assumed"/"Proven" Terminology. Zack Weinberg (Tuesday, 10 June)

Header Policy Vs. Meta tag policy Kevin Hill (Monday, 9 June)

Header Policy Vs. Meta tag policy Kevin Hill (Friday, 6 June)

Re: [MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Katharine Berry (Friday, 6 June)

[MIX]: "Assumed"/"Proven" Terminology. (Re: [MIX]: Expand scope beyond TLS/non-TLS) Mike West (Friday, 6 June)

[MIX] localhost should not be trusted Zack Weinberg (Wednesday, 4 June)

CSP: Block redirects by default? Mike West (Thursday, 5 June)

[webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3 Brad Hill (Wednesday, 4 June)

[CSP] enforcement on non text-html resources Neil Matatall (Wednesday, 4 June)

[MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.) Mike West (Wednesday, 4 June)

[MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.) Mike West (Wednesday, 4 June)

Agenda, 5 June 2014 SVG WG / WebAppSec WG telcon Erik Dahlström (Wednesday, 4 June)

[MIX] Comments on draft Mixed Content spec Tanvi Vyas (Wednesday, 4 June)

Re: CSP, Fetch, and frame-ancestors Brad Hill (Wednesday, 4 June)

Discuss SVG and CSP for the June 5 SVG teleconference Hill, Brad (Wednesday, 4 June)

[webappsec] Teleconference Agenda: 04-Jun-2014 Brad Hill (Tuesday, 3 June)

[MIX]: 'allow-from' header? (Re: "Mixed Content" draft up for review.) Mike West (Tuesday, 3 June)

[MIX] Checking parent/top (Re: "Mixed Content" draft up for review.) Mike West (Tuesday, 3 June)

Re: "Mixed Content" draft up for review - HSTS interworking =JeffH (Tuesday, 3 June)

Re: "Mixed Content" draft up for review - HSTS primary purpose =JeffH (Tuesday, 3 June)

Re: "Mixed Content" draft up for review. Anne van Kesteren (Monday, 2 June)

CORS and null Anne van Kesteren (Monday, 2 June)

Re: Remove paths from CSP? Sigbjørn Vik (Monday, 2 June)

CSP sandboxing and workers Anne van Kesteren (Sunday, 1 June)

Last message date: Monday, 30 June 2014 23:11:37 UTC