Friday, 28 November 2014
- Re: [MIX] Initial feedback on Mixed Content
- Re: [power] simplify 2.1
- Re: snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features"
- Re: [power] simplify 2.1
- Re: snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features"
- Re: [MIX] Initial feedback on Mixed Content
Tuesday, 25 November 2014
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features"
- Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features"
- [power] simplify 2.1
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features"
- Re: [MIX] Initial feedback on Mixed Content
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features"
- Re: [MIX] Initial feedback on Mixed Content
- Re: [MIX] HTTPS -> non-HTTPS redirects
- [MIX] HTTPS -> non-HTTPS redirects
Monday, 24 November 2014
- Re: [MIX] Initial feedback on Mixed Content
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features"
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features"
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features"
- Re: CfC: Publish a FPWD of "Requirements for Powerful Features"
- CfC: Publish a FPWD of "Requirements for Powerful Features"
- Re: [MIX] Initial feedback on Mixed Content
Sunday, 23 November 2014
- Re: [MIX] Initial feedback on Mixed Content
- [CSP] outbound links
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: [webappsec] Rechartering: Sub-Origins
Saturday, 22 November 2014
Friday, 21 November 2014
- Re: [MIX] Initial feedback on Mixed Content
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: [SRI] To trust or not to trust a CDN
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
Thursday, 20 November 2014
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] To trust or not to trust a CDN
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: some testing on workers and sandbox
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: "Requirements for Powerful Features" strawman.
- Re: [SRI] To trust or not to trust a CDN
- "Requirements for Powerful Features" strawman.
- Re: some testing on workers and sandbox
- Re: some testing on workers and sandbox
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] To trust or not to trust a CDN
Wednesday, 19 November 2014
- Re: Early morning thoughts on referrers.
- Re: some testing on workers and sandbox
- Re: [MIX] Interaction between HSTS and mixed content blocking
- Re: [MIX] Interaction between HSTS and mixed content blocking
- Re: [MIX] Interaction between HSTS and mixed content blocking
- Re: [MIX] Interaction between HSTS and mixed content blocking
- [MIX] Interaction between HSTS and mixed content blocking
- Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG
- Re: some testing on workers and sandbox
- Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG
- Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG
- Re: some testing on workers and sandbox
- Re: some testing on workers and sandbox
- Re: some testing on workers and sandbox
Tuesday, 18 November 2014
- some testing on workers and sandbox
- Re: Call for consensus to move forward with proposed rechartering of WebAppSec WG
- Call for consensus to move forward with proposed rechartering of WebAppSec WG
- Re: Early morning thoughts on referrers.
- Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]
- Re: [MIX] Language improvement for authenticated origin defintiion
- Re: [MIX] Language improvement for authenticated origin defintiion
- [MIX] Language improvement for authenticated origin defintiion
- [MIX] link rel=icon
- Re: [MIX] Initial feedback on Mixed Content
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [CSP] URI/IRI normalization and comparison
- Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]
- Re: [MIX] Initial feedback on Mixed Content
- Re: [MIX] Initial feedback on Mixed Content
- Re: Early morning thoughts on referrers.
- Re: Early morning thoughts on referrers.
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [CSP] Clarifications regarding the HTTP LINK Header
Monday, 17 November 2014
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [SRI] Escaping mixed-content blocking for video distribution
- webappsec-ISSUE-72 (Streaming Integrity): How to apply integrity verification to large / streaming downloads [Subresource Integrity Level 2]
- webappsec-ACTION-207: Raise definition of sandboxed worker in html spec
- webappsec-ACTION-206: Reply on referrer suggest imperative policy controls in serviceworker
- webappsec-ACTION-205: Does link really violate csp guarantees?
- webappsec-ACTION-204: Reply to mark watson that 1/2 of his issue is a last call comment to mix
- webappsec-ACTION-203: Raise issue for sri large object /streaming integrity
- webappsec-ACTION-202: Issue cfc on new draft charter
- webappsec-ACTION-201: Add permissions api to draft charter
- webappsec-ACTION-200: Investigate git issue tooling with other w3c groups
- Re: [webappsec] Agenda for Teleconference, Monday 17 Nov 2014
- Re: [CSP] PING-- CSP vs. Fetch
- [webappsec] Agenda for Teleconference, Monday 17 Nov 2014
- [Bug 27341] New: consider replacing integrity-metatata ABNF production with a precise prose definition of the datatype/microsyntax
Saturday, 15 November 2014
Friday, 14 November 2014
- [webappsec] "operator eval"
- Netflix, MSE, and EME
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- TPAC survey
- Re: [MIX] Initial feedback on Mixed Content
- Re: [MIX] Initial feedback on Mixed Content
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [webappsec] Rechartering: force secure-only child browsing contexts
- Re: [webappsec] Rechartering: force secure-only child browsing contexts
- [MIX] Initial feedback on Mixed Content
- Re: [webappsec] Rechartering: force secure-only child browsing contexts
- Re: [webappsec] Rechartering: force secure-only child browsing contexts
- Re: [CSP] Clarifications regarding the HTTP LINK Header
Thursday, 13 November 2014
- Re: Avoiding syncronous manifest requests in EPR
- Call for Exclusions: Mixed Content
- Re: Rechartering: Permissions API
- Re: Rechartering: Permissions API
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: Rechartering: Permissions API
- Re: Rechartering: Permissions API
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: Rechartering: Permissions API
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [webappsec] Rechartering: Credential Management API
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [CSP] Clarifications regarding the HTTP LINK Header
Wednesday, 12 November 2014
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: Clarification of CSP sandbox and workers
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: Rechartering: Permissions API
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: Rechartering: Permissions API
- Re: Clarification of CSP sandbox and workers
- Rechartering: Permissions API
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: Clarification of CSP sandbox and workers
- Re: [webappsec] Rechartering: force secure-only child browsing contexts
- Re: [CSP] URI/IRI normalization and comparison
- Re: Clarification of CSP sandbox and workers
- Re: [CSP] URI/IRI normalization and comparison
- Re: [CSP] URI/IRI normalization and comparison
- Re: [webappsec] Rechartering: force secure-only child browsing contexts
- Re: [CSP] Problems with frame-ancestors; X-Frame-Options not obsolete?
Tuesday, 11 November 2014
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [CSP] URI/IRI normalization and comparison
- Re: [webappsec] New W3C process and Last Call
- Re: [CSP] Clarifications regarding the HTTP LINK Header
- Re: [CSP] URI/IRI normalization and comparison
- Re: [CSP] URI/IRI normalization and comparison
- [Bug 27302] New: Define an elaboration of #may-document-use-powerful-features that checks ancestor browsing contexts
- Re: [MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11
- Re: [MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11
- Re: [MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11
- Re: Bug tracking
- [MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11
- Re: RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11
- Re: [webappsec] Draft charter for review
- Re: [webappsec] New W3C process and Last Call
- Re: [webappsec] New W3C process and Last Call
- Re: [webappsec] Rechartering: Sub-Origins
- Re: [webappsec] New W3C process and Last Call
- Re: [webappsec] Rechartering: Sub-Origins
Monday, 10 November 2014
- Re: [webappsec] Rechartering: Sub-Origins
- Re: Bug tracking
- Re: [webappsec] Rechartering: Sub-Origins
- Re: [webappsec] Rechartering: Sub-Origins
- Re: [webappsec] Rechartering: Sub-Origins
- Re: [webappsec] New W3C process and Last Call
- [webappsec] New W3C process and Last Call
- Re: [webappsec] Rechartering: Write-Only Form Elements
- Re: [webappsec] Rechartering: Write-Only Form Elements
- [webappsec] Draft charter for review
- Re: CfC: Mixed Content to Last Call?
- Re: CfC: Mixed Content to Last Call?
- Re: [webappsec] Rechartering: Sub-Origins
- Re: [webappsec] Rechartering: Sub-Origins
- Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things
- Re: [webappsec] Rechartering: force secure-only child browsing contexts
- Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things
- Re: [webappsec] Rechartering: Secure Introduction of Internet-Connected Things
- Re: [webappsec] Rechartering: Sub-Origins
- Re: [webappsec] Rechartering: Sub-Origins
- Re: Early morning thoughts on referrers.
- [Bug 27291] New: Referrer: Consider a mechanism to specify a referrer URL.
- Re: Early morning thoughts on referrers.
- Re: [CSP] <meta> clarifications
- Re: Should CSP affect a Notification icon?
- Re: [webappsec] Rechartering: force secure-only child browsing contexts
- Re: [CSP] URI/IRI normalization and comparison
- Re: Early morning thoughts on referrers.
- Re: Should CSP affect a Notification icon?
- Re: Should CSP affect a Notification icon?
- Re: [CSP] URI/IRI normalization and comparison
- Re: Early morning thoughts on referrers.
- Re: [webappsec] Rechartering: COWL
- Re: Should CSP affect a Notification icon?
- [webappsec] Rechartering: COWL
- [webappsec] Rechartering: Entry Point Regulation (EPR)
- Re: CfC: Mixed Content to Last Call?
- Early morning thoughts on referrers.
- Re: Referrer Policy: Same-origin URIs
- Re: [webappsec] Rechartering: Sub-Origins
- Re: Referrer Policy: Same-origin URIs
- Re: Should CSP affect a Notification icon?
- Re: Should CSP affect a Notification icon?
- Re: [webappsec] Rechartering: Sub-Origins
- Re: Should CSP affect a Notification icon?
- Re: [CSP] URI/IRI normalization and comparison
- Re: [CSP] URI/IRI normalization and comparison
- Re: Should CSP affect a Notification icon?
- Re: Should CSP affect a Notification icon?
- [webappsec] Rechartering: additional cookie data
- [webappsec] Rechartering: Web Authentication v.Next
- [webappsec] Rechartering: Secure Introduction of Internet-Connected Things
- [webappsec] Rechartering: sandboxed cross-origin workers
- [webappsec] Rechartering: force secure-only child browsing contexts
- [webappsec] Rechartering: Sub-Origins
- [webappsec] Rechartering: CSP Level 3
- [webappsec] Rechartering: MIME-type sniffing
Sunday, 9 November 2014
- [webappsec] Rechartering: Write-Only Form Elements
- [webappsec] Rechartering: Credential Management API
- Re: Should CSP affect a Notification icon?
- Re: Should CSP affect a Notification icon?
- [CSP] <meta> clarifications
- Should CSP affect a Notification icon?
- [CSP] Clarifications regarding the HTTP LINK Header
- Re: Bug tracking
- Re: Avoiding syncronous manifest requests in EPR
- Re: [SRI] To trust or not to trust a CDN
- Re: Referrer Policy: Same-origin URIs
- Re: Referrer Policy: Same-origin URIs
- Re: Referrer Policy: Same-origin URIs
Saturday, 8 November 2014
- Re: Referrer Policy: Same-origin URIs
- Re: Referrer Policy: Same-origin URIs
- Re: Referrer Policy: Same-origin URIs
- Re: Referrer Policy: Same-origin URIs
- Re: Referrer Policy: Same-origin URIs
- Referrer Policy: Same-origin URIs
Friday, 7 November 2014
- Re: [CSP] Clarifications on nonces
- Re: CfC: Mixed Content to Last Call?
- Re: CfC: Mixed Content to Last Call?
- Re: CfC: Mixed Content to Last Call?
- Re: CfC: Mixed Content to Last Call?
- Re: CfC: Mixed Content to Last Call?
- Re: Bug tracking
- Re: Bug tracking
- Bug tracking
- Re: [CSP] Relative/absolute hostname matching
- Re: [CSP] Relative/absolute hostname matching
- Re: [CSP] Relative/absolute hostname matching
- Re: [CSP] URI/IRI normalization and comparison
- Re: [CSP] Clarifications on nonces
- Re: [CSP] Clarifications on nonces
Thursday, 6 November 2014
- Re: Avoiding syncronous manifest requests in EPR
- Re: [CSP] violation reports for sandbox
- Re: [SRI] To trust or not to trust a CDN
- [CSP] URI/IRI normalization and comparison
- Re: [CSP] Relative/absolute hostname matching
- Re: [CSP] URI Query part matching
- Re: [CSP] Relative/absolute hostname matching
- [CSP] An outline of a taxonomy of CSP directives
- [CSP] Problems with frame-ancestors; X-Frame-Options not obsolete?
- Re: CSP3: DOM API Strawman
- Re: [SRI] To trust or not to trust a CDN
- Re: [CSP] Clarifications on nonces
- Re: [CSP] violation reports for sandbox
- Re: [CSP] violation reports for sandbox
- Re: [CSP] Clarifications on nonces
- Re: [CSP] violation reports for sandbox
- Call for Exclusions (Update): Referrer Policy
- [CSP] violation reports for sandbox
- [CSP] Consistency of CSP hash-source with SRI regarding secure origins
- [CSP] Clarifications on nonces
- [CSP] Relative/absolute hostname matching
- [CSP] URI Query part matching
Wednesday, 5 November 2014
- Re: WebRTC Security Assessment
- Re: WebRTC Security Assessment
- WebRTC Security Assessment
- Re: [SRI] may only be used in documents in secure origins
- Re: [SRI] may only be used in documents in secure origins
- Re: [SRI] may only be used in documents in secure origins
- Re: [SRI] may only be used in documents in secure origins
- Re: CSP: Problems with referrer and reflected-xss
- Re: CSP: Problems with referrer and reflected-xss
- Re: CSP: Problems with referrer and reflected-xss
- Re: [SRI] may only be used in documents in secure origins
- Re: CSP: Problems with referrer and reflected-xss
- Re: CSP: Problems with referrer and reflected-xss
- Re: Avoiding syncronous manifest requests in EPR
- Re: [SRI] may only be used in documents in secure origins
- Re: [SRI] may only be used in documents in secure origins
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] may only be used in documents in secure origins
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: CSP: Problems with referrer and reflected-xss
Tuesday, 4 November 2014
Wednesday, 5 November 2014
Tuesday, 4 November 2014
- Re: [CSP] Additional report field: report-only: "true|false"
- Re: [CSP] may we have script-ancestors to protect JSONP call
- webappsec-ISSUE-71 (JSONP directives): Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interaces [CSP Level 3]
- Re: [CSP] prevent 401 attach
- Re: [SRI] may only be used in documents in secure origins
- Re: CSP: Problems with referrer and reflected-xss
- webappsec-ISSUE-70 (Using ni:/// as CSP source): Investigate using ni:/// as a CSP source expression [CSP Next]
- Re: [SRI] may only be used in documents in secure origins
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: Avoiding syncronous manifest requests in EPR
- Re: CSP3: DOM API Strawman
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: CSP3: DOM API Strawman
- Re: Avoiding syncronous manifest requests in EPR
- Re: [SRI] may only be used in documents in secure origins
- Re: [SRI] may only be used in documents in secure origins
Monday, 3 November 2014
- Re: Frame access
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: [SRI] Escaping mixed-content blocking for video distribution
- Re: [CSP] Implementer differences: window.open
- Re: CSP3: DOM API Strawman
- Re: [webappsec] TPAC summary
- Avoiding syncronous manifest requests in EPR
- Re: [SRI] Escaping mixed-content blocking for video distribution
- [webappsec] TPAC summary
- [SRI] Escaping mixed-content blocking for video distribution
- Re: [MIX] 4.5 User Controls
- Re: [webappsec] Agenda for Teleconference, Monday 03 Nov 2014
- Re: [SRI] may only be used in documents in secure origins
- [SRI] may only be used in documents in secure origins
- RE: [MIX] 4.5 User Controls
- Re: CSP3: DOM API Strawman
- Re: CSP3: DOM API Strawman
- Re: CSP3: DOM API Strawman
- Re: CSP3: DOM API Strawman
- CSP3: DOM API Strawman
- Re: [MIX] Modifications to script APIs
- Re: [MIX] Modifications to script APIs
- [webappsec] Agenda for Teleconference, Monday 03 Nov 2014
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: [MIX] 4.5 User Controls