W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: Should CSP affect a Notification icon?

From: Jim Manico <jim.manico@owasp.org>
Date: Mon, 10 Nov 2014 17:10:53 +0800
Message-ID: <5460811D.1030409@owasp.org>
To: Daniel Veditz <dveditz@mozilla.com>, Brian Smith <brian@briansmith.org>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Yup, this covers exactly what I had in mind. I do indeed hope you 
include it in future versions of that standard.

Thank you Daniel,
Jim


On 11/10/14 2:17 PM, Daniel Veditz wrote:
> On 11/9/2014 4:40 PM, Jim Manico wrote:
>> This is a bit tangential, but for future versions of the standard, I'd
>> love to be able to limit where simple links are allowed to go. For
>> example, perhaps I want to limit a site from only being allow to link to
>> my domain or subdomain. I'm just thinking, what else can we limit in the
>> browser to lower the attack surface?
> We are considering adding controls inspired by David Ross's "Entry Point
> Regulation" idea. Is that along the lines of what you were thinking?
> http://randomdross.blogspot.com/2014/08/entry-point-regulation-for-web-apps.html
>
> -Dan Veditz
Received on Monday, 10 November 2014 09:11:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC