Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]

From: Brad Hill <hillbrad@fb.com>
Date: Tue, 18 Nov 2014 17:58:53 +0000
To: Deian Stefan <deian@cs.stanford.edu>, "Web Application Security Working Group Issue Tracker" <sysbot+tracker@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <D090C8B0.1242%hillbrad@fb.com>

Deian, thank you and please do.  We always welcome proposed text (from
group members).

On 11/17/14, 9:36 PM, "Deian Stefan" <deian@cs.stanford.edu> wrote:

>Web Application Security Working Group Issue Tracker
><sysbot+tracker@w3.org> writes:
>
>> webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives
>>to manage postMessage and external navigation of iframes [CSP Next]
>>
>> 
>>https://urldefense.proofpoint.com/v1/url?u=http://www.w3.org/2011/webappsec/track/issues/69&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=20fYIyK0B054c%2F3Inxh6CMhqM4P6GMDnK9mQu6OQeZ8%3D%0A&s=7df5fe9ca9d2155240020c3c23e26ce687ab4374d8ae0e6b85894e299d1b8fb8
>>
>> Raised by: Devdatta Akhawe
>> On product: CSP Next
>>
>> 
>>https://urldefense.proofpoint.com/v1/url?u=http://lists.w3.org/Archives/Public/public-webappsec/2014Jul/0047.html&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=20fYIyK0B054c%2F3Inxh6CMhqM4P6GMDnK9mQu6OQeZ8%3D%0A&s=47aee70c52bc137f1eaa262acb0eb6740a325d04f7f7368131c05379def0bcad
>
>I think that having message-src, message-sink, and navigation directives
>would be useful additions to CSP v. Next in terms of adding more layers
>of defense. I would be happy to take a first cut at the description of
>these if others agree.
>
>Thanks,
>Deian
>

Received on Tuesday, 18 November 2014 17:59:38 UTC