Re: Clarification of CSP sandbox and workers

From: Ian Hickson <ian@hixie.ch>
Date: Wed, 12 Nov 2014 21:02:25 +0000 (UTC)
To: Mike West <mkwst@google.com>
cc: Anne van Kesteren <annevk@annevk.nl>, Deian Stefan <deian@cs.stanford.edu>, WebApps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>
Message-ID: <alpine.DEB.2.00.1411122102000.7063@ps20323.dreamhostps.com>

On Wed, 12 Nov 2014, Mike West wrote:
>
> The CSP spec should just delegate to HTML here. If/when HTML defines 
> sandboxing with regard to Workers, CSP will just start using those 
> hooks.
> 
> I'd agree, for example, that it does appear that sandboxing a worker 
> into a unique origin could be interesting. It's not clear to me whether 
> any of the other flags would be useful, though.
> 
> Ian, WDYT?

Happy to add features if browsers are going to implement them. Just file a 
bug describing what the feature is. :-)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 12 November 2014 21:02:49 UTC
