Starter Javascript API proposal for CSP from Paul Frazee on 2014-03-24 (public-webappsec@w3.org from March 2014)

From: Paul Frazee <pfrazee@gmail.com>
Date: Mon, 24 Mar 2014 15:54:11 -0500
To: public-webappsec@w3.org
Message-ID: <CAD4FMejowujARir+EMugLF1yE7yfL4FAc-VNg7t6hpd_PidWMA@mail.gmail.com>

Hi folks,

I wanted to get the ball rolling on the discussion for a JS API for CSP. I
spent the morning putting together what I thought would be a basic,
uncontroversial starting point:

http://pfraze.github.io/2014/03/24/js-api-proposal-for-csp.html

If some consensus can be made around a basic API, it'll be possible to
delve into the particulars of each directive's policies. This design should
also provide some flexibility for adding new kinds of directives and
policies on a per-API basis, for instance: on Document, Worker, and perhaps
more granular APIs such as XMLHttpRequest, if there's a need for it. This
design also tries to maintain the existing CSP implementation.

Feedback appreciated.

Be well,
Paul F

Received on Tuesday, 25 March 2014 10:34:06 UTC