W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: Should CSP affect a Notification icon?

From: Daniel Veditz <dveditz@mozilla.com>
Date: Sun, 09 Nov 2014 22:17:22 -0800
Message-ID: <54605872.5090103@mozilla.com>
To: Jim Manico <jim.manico@owasp.org>, Brian Smith <brian@briansmith.org>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 11/9/2014 4:40 PM, Jim Manico wrote:
> This is a bit tangential, but for future versions of the standard, I'd
> love to be able to limit where simple links are allowed to go. For
> example, perhaps I want to limit a site from only being allow to link to
> my domain or subdomain. I'm just thinking, what else can we limit in the
> browser to lower the attack surface?

We are considering adding controls inspired by David Ross's "Entry Point
Regulation" idea. Is that along the lines of what you were thinking?
http://randomdross.blogspot.com/2014/08/entry-point-regulation-for-web-apps.html

-Dan Veditz
Received on Monday, 10 November 2014 06:17:54 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC