W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2014

"Mixed Content" draft up for review.

From: Mike West <mkwst@google.com>
Date: Fri, 30 May 2014 20:04:16 +0200
Message-ID: <CAKXHy=e7kDXmngdbOyxpaWdSfFZ2AdyiQ1LhxQut_LxbkXYd5Q@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Tanvi Vyas <tanvi@mozilla.com>, Brad Hill <bhill@paypal.com>, Dan Veditz <dveditz@mozilla.com>, Anne van Kesteren <annevk@annevk.nl>
As we (briefly) discussed in the May 7th call[1]
<http://www.w3.org/2011/webappsec/draft-minutes/2014-05-07-webappsec-minutes.html#item07>,
mixed content is poorly defined, and doesn't really belong in either Fetch
or CSP directly. I've put together a draft "Mixed Content" specification[2]
<https://w3c.github.io/webappsec/specs/mixedcontent/> in the hopes of
addressing those concerns.

This draft does not attempt to invent new functionality, but instead to
document and refine the mixed content behavior user agents already exhibit.
I hope it contains no real surprises. Your feedback would be very much
appreciated.

Note: the algorithms and implementation rely heavily on the Fetch living
standard, which Anne has been kind enough to offer to modify as
outlined in section
6 of the draft[3]
<https://w3c.github.io/webappsec/specs/mixedcontent/#fetch-integration>.

[1]:
http://www.w3.org/2011/webappsec/draft-minutes/2014-05-07-webappsec-minutes.html#item07
[2]: https://w3c.github.io/webappsec/specs/mixedcontent/
[3]: https://w3c.github.io/webappsec/specs/mixedcontent/#fetch-integration

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 30 May 2014 18:05:07 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC