public-webappsec@w3.org from November 2014 by date

Friday, 28 November 2014

• Re: [MIX] Initial feedback on Mixed Content Jim Manico
• Re: [power] simplify 2.1 chaals@yandex-team.ru
• Re: snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features" chaals@yandex-team.ru
• Re: [power] simplify 2.1 Mike West
• Re: snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features" Mike West
• Re: [MIX] Initial feedback on Mixed Content Jeffrey Walton

Tuesday, 25 November 2014

• Re: "Requirements for Powerful Features" strawman. Martin Thomson
• Re: "Requirements for Powerful Features" strawman. Chris Palmer
• Re: "Requirements for Powerful Features" strawman. Martin Thomson
• snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features" chaals@yandex-team.ru
• Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG Mounir Lamouri
• Re: CfC: Publish a FPWD of "Requirements for Powerful Features" John Kemp
• [power] simplify 2.1 chaals@yandex-team.ru
• Re: CfC: Publish a FPWD of "Requirements for Powerful Features" chaals@yandex-team.ru
• Re: [MIX] Initial feedback on Mixed Content Anne van Kesteren
• Re: CfC: Publish a FPWD of "Requirements for Powerful Features" Mike West
• Re: [MIX] Initial feedback on Mixed Content Mike West
• Re: [MIX] HTTPS -> non-HTTPS redirects Mike West
• [MIX] HTTPS -> non-HTTPS redirects Brian Smith

Monday, 24 November 2014

• Re: [MIX] Initial feedback on Mixed Content Brian Smith
• Re: CfC: Publish a FPWD of "Requirements for Powerful Features" Brad Hill
• Re: CfC: Publish a FPWD of "Requirements for Powerful Features" Mike West
• Re: CfC: Publish a FPWD of "Requirements for Powerful Features" Brad Hill
• Re: CfC: Publish a FPWD of "Requirements for Powerful Features" Mark Nottingham
• CfC: Publish a FPWD of "Requirements for Powerful Features" Mike West
• Re: [MIX] Initial feedback on Mixed Content Mike West

Sunday, 23 November 2014

• Re: [MIX] Initial feedback on Mixed Content Mike West
• [CSP] outbound links Nottingham, Mark
• Re: "Requirements for Powerful Features" strawman. Mark Nottingham
• Re: "Requirements for Powerful Features" strawman. Nottingham, Mark
• Re: [webappsec] Rechartering: Sub-Origins Nottingham, Mark

Saturday, 22 November 2014

• Re: "Requirements for Powerful Features" strawman. Mike West

Friday, 21 November 2014

• Re: [MIX] Initial feedback on Mixed Content Brian Smith
• Re: "Requirements for Powerful Features" strawman. Mark Watson
• Re: "Requirements for Powerful Features" strawman. Mike West
• Re: "Requirements for Powerful Features" strawman. Mark Watson
• Re: "Requirements for Powerful Features" strawman. Mike West
• Re: "Requirements for Powerful Features" strawman. Mark Watson
• Re: "Requirements for Powerful Features" strawman. Mike West
• Re: "Requirements for Powerful Features" strawman. Mark Watson
• Re: [SRI] To trust or not to trust a CDN Frederik Braun
• Re: "Requirements for Powerful Features" strawman. Mike West
• Re: "Requirements for Powerful Features" strawman. Anne van Kesteren

Thursday, 20 November 2014

• Re: [SRI] To trust or not to trust a CDN Eduardo Robles Elvira
• Re: [SRI] To trust or not to trust a CDN Brian Smith
• Re: [SRI] To trust or not to trust a CDN Brian Smith
• Re: "Requirements for Powerful Features" strawman. Mark Watson
• Re: "Requirements for Powerful Features" strawman. Mark Nottingham
• Re: "Requirements for Powerful Features" strawman. Mike West
• Re: "Requirements for Powerful Features" strawman. Brad Hill
• Re: some testing on workers and sandbox Brad Hill
• Re: "Requirements for Powerful Features" strawman. Mike West
• Re: "Requirements for Powerful Features" strawman. Brad Hill
• Re: "Requirements for Powerful Features" strawman. Chris Palmer
• Re: "Requirements for Powerful Features" strawman. Mike West
• Re: "Requirements for Powerful Features" strawman. Brad Hill
• Re: [SRI] To trust or not to trust a CDN Frederik Braun
• "Requirements for Powerful Features" strawman. Mike West
• Re: some testing on workers and sandbox Anne van Kesteren
• Re: some testing on workers and sandbox Boris Zbarsky
• Re: [SRI] To trust or not to trust a CDN Brad Hill
• Re: [SRI] To trust or not to trust a CDN Brian Smith

Wednesday, 19 November 2014

• Re: Early morning thoughts on referrers. Brian Smith
• Re: some testing on workers and sandbox Brad Hill
• Re: [MIX] Interaction between HSTS and mixed content blocking Anne van Kesteren
• Re: [MIX] Interaction between HSTS and mixed content blocking Adam Langley
• Re: [MIX] Interaction between HSTS and mixed content blocking Brian Smith
• Re: [MIX] Interaction between HSTS and mixed content blocking Anne van Kesteren
• [MIX] Interaction between HSTS and mixed content blocking Brian Smith
• Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG Brad Hill
• Re: some testing on workers and sandbox Boris Zbarsky
• Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG Giorgio Maone
• Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG Frederik Braun
• Re: some testing on workers and sandbox Anne van Kesteren
• Re: some testing on workers and sandbox Boris Zbarsky
• Re: some testing on workers and sandbox Brad Hill

Tuesday, 18 November 2014

• some testing on workers and sandbox Brad Hill
• Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG Mike West
• Call for consensus to move forward with proposed rechartering of WebAppSec WG Brad Hill
• Re: Early morning thoughts on referrers. Brad Hill
• Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next] Brad Hill
• Re: [MIX] Language improvement for authenticated origin defintiion Mark Watson
• Re: [MIX] Language improvement for authenticated origin defintiion Jeffrey Yasskin
• [MIX] Language improvement for authenticated origin defintiion Mark Watson
• [MIX] link rel=icon Pete Freitag
• Re: [MIX] Initial feedback on Mixed Content Mike West
• Re: [CSP] Clarifications regarding the HTTP LINK Header Anne van Kesteren
• Re: [CSP] URI/IRI normalization and comparison Brian Smith
• Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next] Deian Stefan
• Re: [MIX] Initial feedback on Mixed Content Brian Smith
• Re: [MIX] Initial feedback on Mixed Content Brian Smith
• Re: Early morning thoughts on referrers. Devdatta Akhawe
• Re: Early morning thoughts on referrers. Brad Hill
• Re: [CSP] Clarifications regarding the HTTP LINK Header Deian Stefan
• Re: [CSP] Clarifications regarding the HTTP LINK Header Brian Smith
• Re: [CSP] Clarifications regarding the HTTP LINK Header Brad Hill
• Re: [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: [CSP] Clarifications regarding the HTTP LINK Header Deian Stefan

Monday, 17 November 2014

• Re: [CSP] Clarifications regarding the HTTP LINK Header Brad Hill
• Re: [SRI] Escaping mixed-content blocking for video distribution Brad Hill
• webappsec-ISSUE-72 (Streaming Integrity): How to apply integrity verification to large / streaming downloads [Subresource Integrity Level 2] Web Application Security Working Group Issue Tracker
• webappsec-ACTION-207: Raise definition of sandboxed worker in html spec Web Application Security Working Group Issue Tracker
• webappsec-ACTION-206: Reply on referrer suggest imperative policy controls in serviceworker Web Application Security Working Group Issue Tracker
• webappsec-ACTION-205: Does link really violate csp guarantees? Web Application Security Working Group Issue Tracker
• webappsec-ACTION-204: Reply to mark watson that 1/2 of his issue is a last call comment to mix Web Application Security Working Group Issue Tracker
• webappsec-ACTION-203: Raise issue for sri large object /streaming integrity Web Application Security Working Group Issue Tracker
• webappsec-ACTION-202: Issue cfc on new draft charter Web Application Security Working Group Issue Tracker
• webappsec-ACTION-201: Add permissions api to draft charter Web Application Security Working Group Issue Tracker
• webappsec-ACTION-200: Investigate git issue tooling with other w3c groups Web Application Security Working Group Issue Tracker
• Re: [webappsec] Agenda for Teleconference, Monday 17 Nov 2014 Mike West
• Re: [CSP] PING-- CSP vs. Fetch Mike West
• [webappsec] Agenda for Teleconference, Monday 17 Nov 2014 Brad Hill
• [Bug 27341] New: consider replacing integrity-metatata ABNF production with a precise prose definition of the datatype/microsyntax bugzilla@jessica.w3.org

Saturday, 15 November 2014

• [CSP] PING-- CSP vs. Fetch Daniel Veditz

Friday, 14 November 2014

• [webappsec] "operator eval" Brad Hill
• Netflix, MSE, and EME Anne van Kesteren
• Re: [SRI] Escaping mixed-content blocking for video distribution Chris Palmer
• Re: [CSP] Clarifications regarding the HTTP LINK Header Ilya Grigorik
• TPAC survey Brad Hill
• Re: [MIX] Initial feedback on Mixed Content Jake Archibald
• Re: [MIX] Initial feedback on Mixed Content Mike West
• Re: [CSP] Clarifications regarding the HTTP LINK Header Anne van Kesteren
• Re: [webappsec] Rechartering: force secure-only child browsing contexts Mike West
• Re: [webappsec] Rechartering: force secure-only child browsing contexts Brian Smith
• [MIX] Initial feedback on Mixed Content Brian Smith
• Re: [webappsec] Rechartering: force secure-only child browsing contexts Ryan Sleevi
• Re: [webappsec] Rechartering: force secure-only child browsing contexts Brian Smith
• Re: [CSP] Clarifications regarding the HTTP LINK Header Brian Smith

Thursday, 13 November 2014

• Re: Avoiding syncronous manifest requests in EPR David Ross
• Call for Exclusions: Mixed Content Coralie Mercier
• Re: Rechartering: Permissions API Mounir Lamouri
• Re: Rechartering: Permissions API Brad Hill
• Re: [CSP] Clarifications regarding the HTTP LINK Header Ilya Grigorik
• Re: Rechartering: Permissions API Daniel Veditz
• Re: Rechartering: Permissions API Mounir Lamouri
• Re: [SRI] Escaping mixed-content blocking for video distribution Anne van Kesteren
• Re: Rechartering: Permissions API Mike West
• Re: [SRI] Escaping mixed-content blocking for video distribution Mike West
• Re: [webappsec] Rechartering: Credential Management API Mike West
• Re: [SRI] Escaping mixed-content blocking for video distribution Anne van Kesteren
• Re: [SRI] Escaping mixed-content blocking for video distribution Mike West
• Re: [SRI] Escaping mixed-content blocking for video distribution Anne van Kesteren
• Re: [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: [CSP] Clarifications regarding the HTTP LINK Header Boris Zbarsky
• Re: [SRI] Escaping mixed-content blocking for video distribution Brian Smith
• Re: [CSP] Clarifications regarding the HTTP LINK Header Brian Smith

Wednesday, 12 November 2014

• Re: [CSP] Clarifications regarding the HTTP LINK Header Ilya Grigorik
• Re: [CSP] Clarifications regarding the HTTP LINK Header Brian Smith
• Re: [CSP] Clarifications regarding the HTTP LINK Header Ilya Grigorik
• Re: [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: [SRI] Escaping mixed-content blocking for video distribution Brian Smith
• Re: [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things Brad Hill
• Re: [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: Clarification of CSP sandbox and workers Ian Hickson
• Re: [SRI] Escaping mixed-content blocking for video distribution Brad Hill
• Re: Rechartering: Permissions API Daniel Veditz
• Re: [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: [SRI] Escaping mixed-content blocking for video distribution Anne van Kesteren
• Re: [SRI] Escaping mixed-content blocking for video distribution Brad Hill
• Re: Rechartering: Permissions API Brad Hill
• Re: Clarification of CSP sandbox and workers Deian Stefan
• Rechartering: Permissions API Mounir Lamouri
• Re: [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: Clarification of CSP sandbox and workers Mike West
• Re: [webappsec] Rechartering: force secure-only child browsing contexts Mike West
• Re: [CSP] URI/IRI normalization and comparison Anne van Kesteren
• Re: Clarification of CSP sandbox and workers Anne van Kesteren
• Re: [CSP] URI/IRI normalization and comparison Brian Smith
• Re: [CSP] URI/IRI normalization and comparison Anne van Kesteren
• Re: [webappsec] Rechartering: force secure-only child browsing contexts Brian Smith
• Re: [CSP] Problems with frame-ancestors; X-Frame-Options not obsolete? Brian Smith

Tuesday, 11 November 2014

• Re: [CSP] Clarifications regarding the HTTP LINK Header Brian Smith
• Re: [CSP] URI/IRI normalization and comparison Brian Smith
• Re: [webappsec] New W3C process and Last Call =JeffH
• Re: [CSP] Clarifications regarding the HTTP LINK Header Ilya Grigorik
• Re: [CSP] URI/IRI normalization and comparison Brian Smith
• Re: [CSP] URI/IRI normalization and comparison Brian Smith
• [Bug 27302] New: Define an elaboration of #may-document-use-powerful-features that checks ancestor browsing contexts bugzilla@jessica.w3.org
• Re: [MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11 timeless
• Re: [MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11 Mike West
• Re: [MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11 timeless
• Re: Bug tracking Mike West
• [MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11 timeless@gmail.com
• Re: RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11 Mike West
• Re: [webappsec] Draft charter for review Mike West
• Re: [webappsec] New W3C process and Last Call Brad Hill
• Re: [webappsec] New W3C process and Last Call Wendy Seltzer
• Re: [webappsec] Rechartering: Sub-Origins Brian Smith
• Re: [webappsec] New W3C process and Last Call chaals@yandex-team.ru
• Re: [webappsec] Rechartering: Sub-Origins Michal Zalewski

Monday, 10 November 2014

• Re: [webappsec] Rechartering: Sub-Origins Brad Hill
• Re: Bug tracking Brad Hill
• Re: [webappsec] Rechartering: Sub-Origins Brian Smith
• Re: [webappsec] Rechartering: Sub-Origins Brad Hill
• Re: [webappsec] Rechartering: Sub-Origins David Bruant
• Re: [webappsec] New W3C process and Last Call Ian Melven
• [webappsec] New W3C process and Last Call Brad Hill
• Re: [webappsec] Rechartering: Write-Only Form Elements Brad Hill
• Re: [webappsec] Rechartering: Write-Only Form Elements Daniel Kahn Gillmor
• [webappsec] Draft charter for review Brad Hill
• Re: CfC: Mixed Content to Last Call? Brad Hill
• Re: CfC: Mixed Content to Last Call? Wendy Seltzer
• Re: [webappsec] Rechartering: Sub-Origins Devdatta Akhawe
• Re: [webappsec] Rechartering: Sub-Origins Michal Zalewski
• Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things Brad Hill
• Re: [webappsec] Rechartering: force secure-only child browsing contexts Brad Hill
• Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things Anne van Kesteren
• Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things Chris Palmer
• Re: [webappsec] Rechartering: Sub-Origins Mike West
• Re: [webappsec] Rechartering: Sub-Origins David Bruant
• Re: Early morning thoughts on referrers. Anne van Kesteren
• [Bug 27291] New: Referrer: Consider a mechanism to specify a referrer URL. bugzilla@jessica.w3.org
• Re: Early morning thoughts on referrers. Jochen Eisinger
• Re: [CSP] <meta> clarifications Anne van Kesteren
• Re: Should CSP affect a Notification icon? Jim Manico
• Re: [webappsec] Rechartering: force secure-only child browsing contexts Anne van Kesteren
• Re: [CSP] URI/IRI normalization and comparison Anne van Kesteren
• Re: Early morning thoughts on referrers. Anne van Kesteren
• Re: Should CSP affect a Notification icon? Anne van Kesteren
• Re: Should CSP affect a Notification icon? Anne van Kesteren
• Re: [CSP] URI/IRI normalization and comparison Anne van Kesteren
• Re: Early morning thoughts on referrers. Brian Smith
• Re: [webappsec] Rechartering: COWL Deian Stefan
• Re: Should CSP affect a Notification icon? Daniel Veditz
• [webappsec] Rechartering: COWL Brad Hill
• [webappsec] Rechartering: Entry Point Regulation (EPR) Brad Hill
• Re: CfC: Mixed Content to Last Call? Mike West
• Early morning thoughts on referrers. Mike West
• Re: Referrer Policy: Same-origin URIs Devdatta Akhawe
• Re: [webappsec] Rechartering: Sub-Origins Deian Stefan
• Re: Referrer Policy: Same-origin URIs Brian Smith
• Re: Should CSP affect a Notification icon? Devdatta Akhawe
• Re: Should CSP affect a Notification icon? Deian Stefan
• Re: [webappsec] Rechartering: Sub-Origins Devdatta Akhawe
• Re: Should CSP affect a Notification icon? Brian Smith
• Re: [CSP] URI/IRI normalization and comparison Brian Smith
• Re: [CSP] URI/IRI normalization and comparison Brian Smith
• Re: Should CSP affect a Notification icon? Jim Manico
• Re: Should CSP affect a Notification icon? Daniel Veditz
• [webappsec] Rechartering: additional cookie data Brad Hill
• [webappsec] Rechartering: Web Authentication v.Next Brad Hill
• [webappsec] Rechartering: Secure Introduction of Internet-Connected Things Brad Hill
• [webappsec] Rechartering: sandboxed cross-origin workers Brad Hill
• [webappsec] Rechartering: force secure-only child browsing contexts Brad Hill
• [webappsec] Rechartering: Sub-Origins Brad Hill
• [webappsec] Rechartering: CSP Level 3 Brad Hill
• [webappsec] Rechartering: MIME-type sniffing Brad Hill

Sunday, 9 November 2014

• [webappsec] Rechartering: Write-Only Form Elements Brad Hill
• [webappsec] Rechartering: Credential Management API Brad Hill
• Re: Should CSP affect a Notification icon? Brian Smith
• Re: Should CSP affect a Notification icon? Brian Smith
• [CSP] <meta> clarifications Brian Smith
• Should CSP affect a Notification icon? Daniel Veditz
• [CSP] Clarifications regarding the HTTP LINK Header Brian Smith
• Re: Bug tracking Anne van Kesteren
• Re: Avoiding syncronous manifest requests in EPR Devdatta Akhawe
• Re: [SRI] To trust or not to trust a CDN Devdatta Akhawe
• Re: Referrer Policy: Same-origin URIs Devdatta Akhawe
• Re: Referrer Policy: Same-origin URIs Brian Smith
• Re: Referrer Policy: Same-origin URIs Devdatta Akhawe

Saturday, 8 November 2014

• Re: Referrer Policy: Same-origin URIs Michal Zalewski
• Re: Referrer Policy: Same-origin URIs Jim Manico
• Re: Referrer Policy: Same-origin URIs Michal Zalewski
• Re: Referrer Policy: Same-origin URIs Michal Zalewski
• Re: Referrer Policy: Same-origin URIs Michal Zalewski
• Referrer Policy: Same-origin URIs Devdatta Akhawe

Friday, 7 November 2014

• Re: [CSP] Clarifications on nonces Devdatta Akhawe
• Re: CfC: Mixed Content to Last Call? Mike West
• Re: CfC: Mixed Content to Last Call? Daniel Veditz
• Re: CfC: Mixed Content to Last Call? Wendy Seltzer
• Re: CfC: Mixed Content to Last Call? Brad Hill
• Re: CfC: Mixed Content to Last Call? Mike West
• Re: Bug tracking Frederik Braun
• Re: Bug tracking Mike West
• Bug tracking Anne van Kesteren
• Re: [CSP] Relative/absolute hostname matching Anne van Kesteren
• Re: [CSP] Relative/absolute hostname matching Mike West
• Re: [CSP] Relative/absolute hostname matching Anne van Kesteren
• Re: [CSP] URI/IRI normalization and comparison Anne van Kesteren
• Re: [CSP] Clarifications on nonces Brian Smith
• Re: [CSP] Clarifications on nonces Brian Smith

Thursday, 6 November 2014

• Re: Avoiding syncronous manifest requests in EPR David Ross
• Re: [CSP] violation reports for sandbox Brian Smith
• Re: [SRI] To trust or not to trust a CDN Brian Smith
• [CSP] URI/IRI normalization and comparison Brian Smith
• Re: [CSP] Relative/absolute hostname matching Brian Smith
• Re: [CSP] URI Query part matching Mike West
• Re: [CSP] Relative/absolute hostname matching Mike West
• [CSP] An outline of a taxonomy of CSP directives Brian Smith
• [CSP] Problems with frame-ancestors; X-Frame-Options not obsolete? Brian Smith
• Re: CSP3: DOM API Strawman Devdatta Akhawe
• Re: [SRI] To trust or not to trust a CDN Devdatta Akhawe
• Re: [CSP] Clarifications on nonces Daniel Veditz
• Re: [CSP] violation reports for sandbox Devdatta Akhawe
• Re: [CSP] violation reports for sandbox Deian Stefan
• Re: [CSP] Clarifications on nonces Devdatta Akhawe
• Re: [CSP] violation reports for sandbox Daniel Veditz
• Call for Exclusions (Update): Referrer Policy Coralie Mercier
• [CSP] violation reports for sandbox Brian Smith
• [CSP] Consistency of CSP hash-source with SRI regarding secure origins Brian Smith
• [CSP] Clarifications on nonces Brian Smith
• [CSP] Relative/absolute hostname matching Brian Smith
• [CSP] URI Query part matching Brian Smith

Wednesday, 5 November 2014

• Re: WebRTC Security Assessment Rigo Wenning
• Re: WebRTC Security Assessment Daniel Kahn Gillmor
• WebRTC Security Assessment Rigo Wenning
• Re: [SRI] may only be used in documents in secure origins Pete Freitag
• Re: [SRI] may only be used in documents in secure origins Brian Smith
• Re: [SRI] may only be used in documents in secure origins Brian Smith
• Re: [SRI] may only be used in documents in secure origins Chris Palmer
• Re: CSP: Problems with referrer and reflected-xss Daniel Veditz
• Re: CSP: Problems with referrer and reflected-xss Mike West
• Re: CSP: Problems with referrer and reflected-xss Mike West
• Re: [SRI] may only be used in documents in secure origins Anne van Kesteren
• Re: CSP: Problems with referrer and reflected-xss Daniel Veditz
• Re: CSP: Problems with referrer and reflected-xss Devdatta Akhawe
• Re: Avoiding syncronous manifest requests in EPR Devdatta Akhawe
• Re: [SRI] may only be used in documents in secure origins Devdatta Akhawe
• Re: [SRI] may only be used in documents in secure origins Brian Smith
• Re: [SRI] To trust or not to trust a CDN Brian Smith
• Re: [SRI] To trust or not to trust a CDN Brian Smith
• Re: [SRI] may only be used in documents in secure origins Michal Zalewski
• Re: [SRI] To trust or not to trust a CDN Brian Smith
• Re: [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: [SRI] Escaping mixed-content blocking for video distribution Adam Langley
• Re: [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: CSP: Problems with referrer and reflected-xss Brian Smith

Tuesday, 4 November 2014

• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Sean Snider

Wednesday, 5 November 2014

• Re: [SRI] may only be used in documents in secure origins Chris Palmer

Tuesday, 4 November 2014

• Re: [CSP] Additional report field: report-only: "true|false" Brad Hill
• Re: [CSP] may we have script-ancestors to protect JSONP call Brad Hill
• webappsec-ISSUE-71 (JSONP directives): Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interaces [CSP Level 3] Web Application Security Working Group Issue Tracker
• Re: [CSP] prevent 401 attach Brad Hill
• Re: [SRI] may only be used in documents in secure origins Michal Zalewski
• Re: CSP: Problems with referrer and reflected-xss Brad Hill
• webappsec-ISSUE-70 (Using ni:/// as CSP source): Investigate using ni:/// as a CSP source expression [CSP Next] Web Application Security Working Group Issue Tracker
• Re: [SRI] may only be used in documents in secure origins Tanvi Vyas
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Sean Snider
• Re: Avoiding syncronous manifest requests in EPR David Ross
• Re: CSP3: DOM API Strawman Mike West
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Brad Hill
• Re: CSP3: DOM API Strawman Devdatta Akhawe
• Re: Avoiding syncronous manifest requests in EPR Devdatta Akhawe
• Re: [SRI] may only be used in documents in secure origins Chris Palmer
• Re: [SRI] may only be used in documents in secure origins Joel Weinberger

Monday, 3 November 2014

• Re: Frame access Brad Hill
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Brad Hill
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Sean Snider
• Re: [SRI] Escaping mixed-content blocking for video distribution Adam Langley
• Re: [CSP] Implementer differences: window.open Mike West
• Re: CSP3: DOM API Strawman Boris Zbarsky
• Re: [webappsec] TPAC summary Mike West
• Avoiding syncronous manifest requests in EPR David Ross
• Re: [SRI] Escaping mixed-content blocking for video distribution Mike West
• [webappsec] TPAC summary Brad Hill
• [SRI] Escaping mixed-content blocking for video distribution Mark Watson
• Re: [MIX] 4.5 User Controls Brad Hill
• Re: [webappsec] Agenda for Teleconference, Monday 03 Nov 2014 Frederik Braun
• Re: [SRI] may only be used in documents in secure origins Frederik Braun
• [SRI] may only be used in documents in secure origins Pete Freitag
• RE: [MIX] 4.5 User Controls Mike O'Neill
• Re: CSP3: DOM API Strawman Mike West
• Re: CSP3: DOM API Strawman Boris Zbarsky
• Re: CSP3: DOM API Strawman Mike West
• Re: CSP3: DOM API Strawman Boris Zbarsky
• CSP3: DOM API Strawman Mike West
• Re: [MIX] Modifications to script APIs Mike West
• Re: [MIX] Modifications to script APIs Mike West
• [webappsec] Agenda for Teleconference, Monday 03 Nov 2014 Brad Hill
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Brad Hill
• Re: [MIX] 4.5 User Controls Brad Hill

Last message date: Friday, 28 November 2014 17:11:31 UTC