
Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]

From: Deian Stefan <deian@cs.stanford.edu>
Date: Mon, 17 Nov 2014 21:36:18 -0800
To: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>, public-webappsec@w3.org
Message-ID: <87ppcl1359.fsf@cs.stanford.edu>
Web Application Security Working Group Issue Tracker
<sysbot+tracker@w3.org> writes:

> webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]
>
> http://www.w3.org/2011/webappsec/track/issues/69
>
> Raised by: Devdatta Akhawe
> On product: CSP Next
>
> http://lists.w3.org/Archives/Public/public-webappsec/2014Jul/0047.html

I think that having message-src, message-sink, and navigation directives
would be useful additions to CSP v. Next in terms of adding more layers
of defense. I would be happy to take a first cut at the description of
these if others agree.

Thanks,
Deian
Received on Tuesday, 18 November 2014 05:36:43 UTC
