W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: Should CSP affect a Notification icon?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 10 Nov 2014 09:58:45 +0100
Message-ID: <CADnb78j0dmM_SpocMGct7PjFvN9sgCeaAWpa16hzqRNH8R4oDA@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: Daniel Veditz <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Nov 10, 2014 at 3:45 AM, Brian Smith <brian@briansmith.org> wrote:
> More generally, as people add stuff to the (WHATWG) HTML Standard,
> they need a way of specifying how CSP works for it, and/or a way to
> define new CSP directives for that stuff, without waiting for a new
> level of CSP to go through standardization at W3C.

This is addressed by defining CSP in terms of Fetch and defining new
features in terms of Fetch. That way CSP blocking will naturally fall
out. And this would cover everything.

We already discussed this to some extent on this very list though and
I thought this was already agreed, but it seems to be new so I guess
if there are any questions on this plan, Mike and I can elaborate.


-- 
https://annevankesteren.nl/
Received on Monday, 10 November 2014 08:59:11 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC