=JeffH
Adam Langley
Anne van Kesteren
- Re: [MIX] Initial feedback on Mixed Content (Tuesday, 25 November)
- Re: "Requirements for Powerful Features" strawman. (Friday, 21 November)
- Re: some testing on workers and sandbox (Thursday, 20 November)
- Re: [MIX] Interaction between HSTS and mixed content blocking (Wednesday, 19 November)
- Re: [MIX] Interaction between HSTS and mixed content blocking (Wednesday, 19 November)
- Re: some testing on workers and sandbox (Wednesday, 19 November)
- Re: [CSP] Clarifications regarding the HTTP LINK Header (Tuesday, 18 November)
- Netflix, MSE, and EME (Friday, 14 November)
- Re: [CSP] Clarifications regarding the HTTP LINK Header (Friday, 14 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Thursday, 13 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Thursday, 13 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Thursday, 13 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 12 November)
- Re: [CSP] URI/IRI normalization and comparison (Wednesday, 12 November)
- Re: Clarification of CSP sandbox and workers (Wednesday, 12 November)
- Re: [CSP] URI/IRI normalization and comparison (Wednesday, 12 November)
- Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things (Monday, 10 November)
- Re: Early morning thoughts on referrers. (Monday, 10 November)
- Re: [CSP] <meta> clarifications (Monday, 10 November)
- Re: [webappsec] Rechartering: force secure-only child browsing contexts (Monday, 10 November)
- Re: [CSP] URI/IRI normalization and comparison (Monday, 10 November)
- Re: Early morning thoughts on referrers. (Monday, 10 November)
- Re: Should CSP affect a Notification icon? (Monday, 10 November)
- Re: Should CSP affect a Notification icon? (Monday, 10 November)
- Re: [CSP] URI/IRI normalization and comparison (Monday, 10 November)
- Re: Bug tracking (Sunday, 9 November)
- Bug tracking (Friday, 7 November)
- Re: [CSP] Relative/absolute hostname matching (Friday, 7 November)
- Re: [CSP] Relative/absolute hostname matching (Friday, 7 November)
- Re: [CSP] URI/IRI normalization and comparison (Friday, 7 November)
- Re: [SRI] may only be used in documents in secure origins (Wednesday, 5 November)
Boris Zbarsky
Brad Hill
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features" (Monday, 24 November)
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features" (Monday, 24 November)
- Re: "Requirements for Powerful Features" strawman. (Thursday, 20 November)
- Re: some testing on workers and sandbox (Thursday, 20 November)
- Re: "Requirements for Powerful Features" strawman. (Thursday, 20 November)
- Re: "Requirements for Powerful Features" strawman. (Thursday, 20 November)
- Re: [SRI] To trust or not to trust a CDN (Thursday, 20 November)
- Re: some testing on workers and sandbox (Wednesday, 19 November)
- Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG (Wednesday, 19 November)
- Re: some testing on workers and sandbox (Wednesday, 19 November)
- some testing on workers and sandbox (Tuesday, 18 November)
- Call for consensus to move forward with proposed rechartering of WebAppSec WG (Tuesday, 18 November)
- Re: Early morning thoughts on referrers. (Tuesday, 18 November)
- Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next] (Tuesday, 18 November)
- Re: Early morning thoughts on referrers. (Tuesday, 18 November)
- Re: [CSP] Clarifications regarding the HTTP LINK Header (Tuesday, 18 November)
- Re: [CSP] Clarifications regarding the HTTP LINK Header (Monday, 17 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Monday, 17 November)
- [webappsec] Agenda for Teleconference, Monday 17 Nov 2014 (Monday, 17 November)
- [webappsec] "operator eval" (Friday, 14 November)
- TPAC survey (Friday, 14 November)
- Re: Rechartering: Permissions API (Thursday, 13 November)
- Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things (Wednesday, 12 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 12 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 12 November)
- Re: Rechartering: Permissions API (Wednesday, 12 November)
- Re: [webappsec] New W3C process and Last Call (Tuesday, 11 November)
- Re: [webappsec] Rechartering: Sub-Origins (Monday, 10 November)
- Re: Bug tracking (Monday, 10 November)
- Re: [webappsec] Rechartering: Sub-Origins (Monday, 10 November)
- [webappsec] New W3C process and Last Call (Monday, 10 November)
- Re: [webappsec] Rechartering: Write-Only Form Elements (Monday, 10 November)
- [webappsec] Draft charter for review (Monday, 10 November)
- Re: CfC: Mixed Content to Last Call? (Monday, 10 November)
- Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things (Monday, 10 November)
- Re: [webappsec] Rechartering: force secure-only child browsing contexts (Monday, 10 November)
- [webappsec] Rechartering: COWL (Monday, 10 November)
- [webappsec] Rechartering: Entry Point Regulation (EPR) (Monday, 10 November)
- [webappsec] Rechartering: additional cookie data (Monday, 10 November)
- [webappsec] Rechartering: Web Authentication v.Next (Monday, 10 November)
- [webappsec] Rechartering: Secure Introduction of Internet-Connected Things (Monday, 10 November)
- [webappsec] Rechartering: sandboxed cross-origin workers (Monday, 10 November)
- [webappsec] Rechartering: force secure-only child browsing contexts (Monday, 10 November)
- [webappsec] Rechartering: Sub-Origins (Monday, 10 November)
- [webappsec] Rechartering: CSP Level 3 (Monday, 10 November)
- [webappsec] Rechartering: MIME-type sniffing (Monday, 10 November)
- [webappsec] Rechartering: Write-Only Form Elements (Sunday, 9 November)
- [webappsec] Rechartering: Credential Management API (Sunday, 9 November)
- Re: CfC: Mixed Content to Last Call? (Friday, 7 November)
- Re: [CSP] Additional report field: report-only: "true|false" (Tuesday, 4 November)
- Re: [CSP] may we have script-ancestors to protect JSONP call (Tuesday, 4 November)
- Re: [CSP] prevent 401 attach (Tuesday, 4 November)
- Re: CSP: Problems with referrer and reflected-xss (Tuesday, 4 November)
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Tuesday, 4 November)
- Re: Frame access (Monday, 3 November)
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Monday, 3 November)
- [webappsec] TPAC summary (Monday, 3 November)
- Re: [MIX] 4.5 User Controls (Monday, 3 November)
- [webappsec] Agenda for Teleconference, Monday 03 Nov 2014 (Monday, 3 November)
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Monday, 3 November)
- Re: [MIX] 4.5 User Controls (Monday, 3 November)
Brian Smith
- [MIX] HTTPS -> non-HTTPS redirects (Tuesday, 25 November)
- Re: [MIX] Initial feedback on Mixed Content (Monday, 24 November)
- Re: [MIX] Initial feedback on Mixed Content (Friday, 21 November)
- Re: [SRI] To trust or not to trust a CDN (Thursday, 20 November)
- Re: [SRI] To trust or not to trust a CDN (Thursday, 20 November)
- Re: [SRI] To trust or not to trust a CDN (Thursday, 20 November)
- Re: Early morning thoughts on referrers. (Wednesday, 19 November)
- Re: [MIX] Interaction between HSTS and mixed content blocking (Wednesday, 19 November)
- [MIX] Interaction between HSTS and mixed content blocking (Wednesday, 19 November)
- Re: [CSP] URI/IRI normalization and comparison (Tuesday, 18 November)
- Re: [MIX] Initial feedback on Mixed Content (Tuesday, 18 November)
- Re: [MIX] Initial feedback on Mixed Content (Tuesday, 18 November)
- Re: [CSP] Clarifications regarding the HTTP LINK Header (Tuesday, 18 November)
- Re: [webappsec] Rechartering: force secure-only child browsing contexts (Friday, 14 November)
- [MIX] Initial feedback on Mixed Content (Friday, 14 November)
- Re: [webappsec] Rechartering: force secure-only child browsing contexts (Friday, 14 November)
- Re: [CSP] Clarifications regarding the HTTP LINK Header (Friday, 14 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Thursday, 13 November)
- Re: [CSP] Clarifications regarding the HTTP LINK Header (Thursday, 13 November)
- Re: [CSP] Clarifications regarding the HTTP LINK Header (Wednesday, 12 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 12 November)
- Re: [CSP] URI/IRI normalization and comparison (Wednesday, 12 November)
- Re: [webappsec] Rechartering: force secure-only child browsing contexts (Wednesday, 12 November)
- Re: [CSP] Problems with frame-ancestors; X-Frame-Options not obsolete? (Wednesday, 12 November)
- Re: [CSP] Clarifications regarding the HTTP LINK Header (Tuesday, 11 November)
- Re: [CSP] URI/IRI normalization and comparison (Tuesday, 11 November)
- Re: [CSP] URI/IRI normalization and comparison (Tuesday, 11 November)
- Re: [CSP] URI/IRI normalization and comparison (Tuesday, 11 November)
- Re: [webappsec] Rechartering: Sub-Origins (Tuesday, 11 November)
- Re: [webappsec] Rechartering: Sub-Origins (Monday, 10 November)
- Re: Early morning thoughts on referrers. (Monday, 10 November)
- Re: Referrer Policy: Same-origin URIs (Monday, 10 November)
- Re: Should CSP affect a Notification icon? (Monday, 10 November)
- Re: [CSP] URI/IRI normalization and comparison (Monday, 10 November)
- Re: [CSP] URI/IRI normalization and comparison (Monday, 10 November)
- Re: Should CSP affect a Notification icon? (Sunday, 9 November)
- Re: Should CSP affect a Notification icon? (Sunday, 9 November)
- [CSP] <meta> clarifications (Sunday, 9 November)
- [CSP] Clarifications regarding the HTTP LINK Header (Sunday, 9 November)
- Re: Referrer Policy: Same-origin URIs (Sunday, 9 November)
- Re: [CSP] Clarifications on nonces (Friday, 7 November)
- Re: [CSP] Clarifications on nonces (Friday, 7 November)
- Re: [CSP] violation reports for sandbox (Thursday, 6 November)
- Re: [SRI] To trust or not to trust a CDN (Thursday, 6 November)
- [CSP] URI/IRI normalization and comparison (Thursday, 6 November)
- Re: [CSP] Relative/absolute hostname matching (Thursday, 6 November)
- [CSP] An outline of a taxonomy of CSP directives (Thursday, 6 November)
- [CSP] Problems with frame-ancestors; X-Frame-Options not obsolete? (Thursday, 6 November)
- [CSP] violation reports for sandbox (Thursday, 6 November)
- [CSP] Consistency of CSP hash-source with SRI regarding secure origins (Thursday, 6 November)
- [CSP] Clarifications on nonces (Thursday, 6 November)
- [CSP] Relative/absolute hostname matching (Thursday, 6 November)
- [CSP] URI Query part matching (Thursday, 6 November)
- Re: [SRI] may only be used in documents in secure origins (Wednesday, 5 November)
- Re: [SRI] may only be used in documents in secure origins (Wednesday, 5 November)
- Re: [SRI] may only be used in documents in secure origins (Wednesday, 5 November)
- Re: [SRI] To trust or not to trust a CDN (Wednesday, 5 November)
- Re: [SRI] To trust or not to trust a CDN (Wednesday, 5 November)
- Re: [SRI] To trust or not to trust a CDN (Wednesday, 5 November)
- Re: CSP: Problems with referrer and reflected-xss (Wednesday, 5 November)
bugzilla@jessica.w3.org
chaals@yandex-team.ru
Chris Palmer
Coralie Mercier
Daniel Kahn Gillmor
Daniel Veditz
- [CSP] PING-- CSP vs. Fetch (Saturday, 15 November)
- Re: Rechartering: Permissions API (Thursday, 13 November)
- Re: Rechartering: Permissions API (Wednesday, 12 November)
- Re: Should CSP affect a Notification icon? (Monday, 10 November)
- Re: Should CSP affect a Notification icon? (Monday, 10 November)
- Should CSP affect a Notification icon? (Sunday, 9 November)
- Re: CfC: Mixed Content to Last Call? (Friday, 7 November)
- Re: [CSP] Clarifications on nonces (Thursday, 6 November)
- Re: [CSP] violation reports for sandbox (Thursday, 6 November)
- Re: CSP: Problems with referrer and reflected-xss (Wednesday, 5 November)
- Re: CSP: Problems with referrer and reflected-xss (Wednesday, 5 November)
David Bruant
David Ross
Deian Stefan
Devdatta Akhawe
- Re: Early morning thoughts on referrers. (Tuesday, 18 November)
- Re: [webappsec] Rechartering: Sub-Origins (Monday, 10 November)
- Re: Referrer Policy: Same-origin URIs (Monday, 10 November)
- Re: Should CSP affect a Notification icon? (Monday, 10 November)
- Re: [webappsec] Rechartering: Sub-Origins (Monday, 10 November)
- Re: Avoiding syncronous manifest requests in EPR (Sunday, 9 November)
- Re: [SRI] To trust or not to trust a CDN (Sunday, 9 November)
- Re: Referrer Policy: Same-origin URIs (Sunday, 9 November)
- Re: Referrer Policy: Same-origin URIs (Sunday, 9 November)
- Referrer Policy: Same-origin URIs (Saturday, 8 November)
- Re: [CSP] Clarifications on nonces (Friday, 7 November)
- Re: CSP3: DOM API Strawman (Thursday, 6 November)
- Re: [SRI] To trust or not to trust a CDN (Thursday, 6 November)
- Re: [CSP] violation reports for sandbox (Thursday, 6 November)
- Re: [CSP] Clarifications on nonces (Thursday, 6 November)
- Re: CSP: Problems with referrer and reflected-xss (Wednesday, 5 November)
- Re: Avoiding syncronous manifest requests in EPR (Wednesday, 5 November)
- Re: [SRI] may only be used in documents in secure origins (Wednesday, 5 November)
- Re: CSP3: DOM API Strawman (Tuesday, 4 November)
- Re: Avoiding syncronous manifest requests in EPR (Tuesday, 4 November)
Eduardo Robles Elvira
Frederik Braun
Giorgio Maone
Ian Hickson
Ian Melven
Ilya Grigorik
Jake Archibald
Jeffrey Walton
Jeffrey Yasskin
Jim Manico
Jochen Eisinger
Joel Weinberger
John Kemp
Mark Nottingham
Mark Watson
- Re: "Requirements for Powerful Features" strawman. (Friday, 21 November)
- Re: "Requirements for Powerful Features" strawman. (Friday, 21 November)
- Re: "Requirements for Powerful Features" strawman. (Friday, 21 November)
- Re: "Requirements for Powerful Features" strawman. (Friday, 21 November)
- Re: "Requirements for Powerful Features" strawman. (Thursday, 20 November)
- Re: [MIX] Language improvement for authenticated origin defintiion (Tuesday, 18 November)
- [MIX] Language improvement for authenticated origin defintiion (Tuesday, 18 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Tuesday, 18 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Thursday, 13 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 12 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 12 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 12 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 12 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 12 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 5 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 5 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Wednesday, 5 November)
- [SRI] Escaping mixed-content blocking for video distribution (Monday, 3 November)
Martin Thomson
Michal Zalewski
Mike O'Neill
Mike West
- Re: [power] simplify 2.1 (Friday, 28 November)
- Re: snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features" (Friday, 28 November)
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features" (Tuesday, 25 November)
- Re: [MIX] Initial feedback on Mixed Content (Tuesday, 25 November)
- Re: [MIX] HTTPS -> non-HTTPS redirects (Tuesday, 25 November)
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features" (Monday, 24 November)
- CfC: Publish a FPWD of "Requirements for Powerful Features" (Monday, 24 November)
- Re: [MIX] Initial feedback on Mixed Content (Monday, 24 November)
- Re: [MIX] Initial feedback on Mixed Content (Sunday, 23 November)
- Re: "Requirements for Powerful Features" strawman. (Saturday, 22 November)
- Re: "Requirements for Powerful Features" strawman. (Friday, 21 November)
- Re: "Requirements for Powerful Features" strawman. (Friday, 21 November)
- Re: "Requirements for Powerful Features" strawman. (Friday, 21 November)
- Re: "Requirements for Powerful Features" strawman. (Friday, 21 November)
- Re: "Requirements for Powerful Features" strawman. (Thursday, 20 November)
- Re: "Requirements for Powerful Features" strawman. (Thursday, 20 November)
- Re: "Requirements for Powerful Features" strawman. (Thursday, 20 November)
- "Requirements for Powerful Features" strawman. (Thursday, 20 November)
- Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG (Tuesday, 18 November)
- Re: [MIX] Initial feedback on Mixed Content (Tuesday, 18 November)
- Re: [webappsec] Agenda for Teleconference, Monday 17 Nov 2014 (Monday, 17 November)
- Re: [CSP] PING-- CSP vs. Fetch (Monday, 17 November)
- Re: [MIX] Initial feedback on Mixed Content (Friday, 14 November)
- Re: [webappsec] Rechartering: force secure-only child browsing contexts (Friday, 14 November)
- Re: Rechartering: Permissions API (Thursday, 13 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Thursday, 13 November)
- Re: [webappsec] Rechartering: Credential Management API (Thursday, 13 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Thursday, 13 November)
- Re: Clarification of CSP sandbox and workers (Wednesday, 12 November)
- Re: [webappsec] Rechartering: force secure-only child browsing contexts (Wednesday, 12 November)
- Re: [MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11 (Tuesday, 11 November)
- Re: Bug tracking (Tuesday, 11 November)
- Re: RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11 (Tuesday, 11 November)
- Re: [webappsec] Draft charter for review (Tuesday, 11 November)
- Re: [webappsec] Rechartering: Sub-Origins (Monday, 10 November)
- Re: CfC: Mixed Content to Last Call? (Monday, 10 November)
- Early morning thoughts on referrers. (Monday, 10 November)
- Re: CfC: Mixed Content to Last Call? (Friday, 7 November)
- Re: CfC: Mixed Content to Last Call? (Friday, 7 November)
- Re: Bug tracking (Friday, 7 November)
- Re: [CSP] Relative/absolute hostname matching (Friday, 7 November)
- Re: [CSP] URI Query part matching (Thursday, 6 November)
- Re: [CSP] Relative/absolute hostname matching (Thursday, 6 November)
- Re: CSP: Problems with referrer and reflected-xss (Wednesday, 5 November)
- Re: CSP: Problems with referrer and reflected-xss (Wednesday, 5 November)
- Re: CSP3: DOM API Strawman (Tuesday, 4 November)
- Re: [CSP] Implementer differences: window.open (Monday, 3 November)
- Re: [webappsec] TPAC summary (Monday, 3 November)
- Re: [SRI] Escaping mixed-content blocking for video distribution (Monday, 3 November)
- Re: CSP3: DOM API Strawman (Monday, 3 November)
- Re: CSP3: DOM API Strawman (Monday, 3 November)
- CSP3: DOM API Strawman (Monday, 3 November)
- Re: [MIX] Modifications to script APIs (Monday, 3 November)
- Re: [MIX] Modifications to script APIs (Monday, 3 November)
Mounir Lamouri
Nottingham, Mark
Pete Freitag
Rigo Wenning
Ryan Sleevi
Sean Snider
Tanvi Vyas
timeless
timeless@gmail.com
Web Application Security Working Group Issue Tracker
- webappsec-ISSUE-72 (Streaming Integrity): How to apply integrity verification to large / streaming downloads [Subresource Integrity Level 2] (Monday, 17 November)
- webappsec-ACTION-207: Raise definition of sandboxed worker in html spec (Monday, 17 November)
- webappsec-ACTION-206: Reply on referrer suggest imperative policy controls in serviceworker (Monday, 17 November)
- webappsec-ACTION-205: Does link really violate csp guarantees? (Monday, 17 November)
- webappsec-ACTION-204: Reply to mark watson that 1/2 of his issue is a last call comment to mix (Monday, 17 November)
- webappsec-ACTION-203: Raise issue for sri large object /streaming integrity (Monday, 17 November)
- webappsec-ACTION-202: Issue cfc on new draft charter (Monday, 17 November)
- webappsec-ACTION-201: Add permissions api to draft charter (Monday, 17 November)
- webappsec-ACTION-200: Investigate git issue tooling with other w3c groups (Monday, 17 November)
- webappsec-ISSUE-71 (JSONP directives): Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interaces [CSP Level 3] (Tuesday, 4 November)
- webappsec-ISSUE-70 (Using ni:/// as CSP source): Investigate using ni:/// as a CSP source expression [CSP Next] (Tuesday, 4 November)
Wendy Seltzer
Last message date: Friday, 28 November 2014 17:11:31 UTC