W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2014

Re: CSP spec minutia.

From: Oda, Terri <terri.oda@intel.com>
Date: Tue, 20 May 2014 14:32:20 -0700
Message-ID: <CACoC0R9JTD+WAZL1g7a58hLDZFN=qPReDkGghLxdCU0g30oeZg@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Tab Atkins <tabatkins@google.com>
Looking great, Mike!

While I was flipping through, I noticed a few typos, so I ran the CSP specs
through a quick spell check. I'll submit a pull request with those fixes
rather than enumerate them here.  But there's one that came up that I
wasn't sure about.  In section 7.14 we have: "The reflected-xss directive
instructs a user agent to active or disactivate any heuristics used to
filter or block reflected cross-site scripting attacks."

Should that be "deactivate" or is "disactivate" jargon that I'm simply not
familiar with?



On Tue, May 20, 2014 at 5:32 AM, Mike West <mkwst@google.com> wrote:

> If you've never looked at the CSP spec's source code, ignore this email. :)
>
> I've taken a pass through CSP 1.1 in the hopes of getting us to last call
> sometime in the foreseeable future. While doing so, I've ported the spec
> from an old, old, old version of Respec to the CSSWG's new hotness,
> Bikeshed. I think the code is significantly easier to follow, and we're now
> much more easily capable of interlinking definitions both internally and in
> external specifications. Most importantly, we can swipe the CSSWG's layout.
> :)
>
> Thanks to Tab for putting up with my n00b questions over the last day or
> three.
>
> I've also moved the spec from
> http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.htmlto
> https://w3c.github.io/webappsec/specs/content-security-policy/ to match
> SRI.
>
> Hopefully you'll enjoy reading the new layout (and I'd encourage you to do
> so, and tell me about typos or bugs in the spec!), thanks!
>
> --
> Mike West <mkwst@google.com>
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Registergericht und -nummer: Hamburg, HRB 86891
> Sitz der Gesellschaft: Hamburg
> Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>
Received on Tuesday, 20 May 2014 21:32:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC