Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next] from Deian Stefan on 2014-11-18 (public-webappsec@w3.org from November 2014)

From: Deian Stefan <deian@cs.stanford.edu>
Date: Mon, 17 Nov 2014 21:36:18 -0800
To: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>, public-webappsec@w3.org
Message-ID: <87ppcl1359.fsf@cs.stanford.edu>

Web Application Security Working Group Issue Tracker
<sysbot+tracker@w3.org> writes:

> webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]
>
> http://www.w3.org/2011/webappsec/track/issues/69
>
> Raised by: Devdatta Akhawe
> On product: CSP Next
>
> http://lists.w3.org/Archives/Public/public-webappsec/2014Jul/0047.html

I think that having message-src, message-sink, and navigation directives
would be useful additions to CSP v. Next in terms of adding more layers
of defense. I would be happy to take a first cut at the description of
these if others agree.

Thanks,
Deian

Received on Tuesday, 18 November 2014 05:36:43 UTC