public-webappsec@w3.org from November 2014 by subject

"Requirements for Powerful Features" strawman.

[Bug 27291] New: Referrer: Consider a mechanism to specify a referrer URL.

[Bug 27302] New: Define an elaboration of #may-document-use-powerful-features that checks ancestor browsing contexts

[Bug 27341] New: consider replacing integrity-metadata ABNF production with a precise prose definition of the datatype/microsyntax

[CSP] <meta> clarifications

[CSP] Additional report field: report-only: "true|false"

[CSP] An outline of a taxonomy of CSP directives

[CSP] Clarifications on nonces

[CSP] Clarifications regarding the HTTP LINK Header

[CSP] Consistency of CSP hash-source with SRI regarding secure origins

[CSP] Implementer differences: window.open

[CSP] may we have script-ancestors to protect JSONP call

[CSP] outbound links

[CSP] PING-- CSP vs. Fetch

[CSP] prevent 401 attach

[CSP] Problems with frame-ancestors; X-Frame-Options not obsolete?

[CSP] Relative/absolute hostname matching

[CSP] URI Query part matching

[CSP] URI/IRI normalization and comparison

[CSP] violation reports for sandbox

[MIX] 4.5 User Controls

[MIX] HTTPS -> non-HTTPS redirects

[MIX] Initial feedback on Mixed Content

[MIX] Interaction between HSTS and mixed content blocking

[MIX] Language improvement for authenticated origin definition

[MIX] link rel=icon

[MIX] Modifications to script APIs

[MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11

[power] simplify 2.1

[SRI] Escaping mixed-content blocking for video distribution

[SRI] may only be used in documents in secure origins

[SRI] To trust or not to trust a CDN

[webappsec] "operator eval"

[webappsec] Agenda for Teleconference, Monday 03 Nov 2014

[webappsec] Agenda for Teleconference, Monday 17 Nov 2014

[webappsec] Draft charter for review

[webappsec] New W3C process and Last Call

[webappsec] Rechartering: additional cookie data

[webappsec] Rechartering: COWL

[webappsec] Rechartering: Credential Management API

[webappsec] Rechartering: CSP Level 3

[webappsec] Rechartering: Entry Point Regulation (EPR)

[webappsec] Rechartering: force secure-only child browsing contexts

[webappsec] Rechartering: MIME-type sniffing

[webappsec] Rechartering: sandboxed cross-origin workers

[webappsec] Rechartering: Secure Introduction of Internet-Connected Things

[webappsec] Rechartering: Sub-Origins

[webappsec] Rechartering: Web Authentication v.Next

[webappsec] Rechartering: Write-Only Form Elements

[webappsec] TPAC summary

Avoiding synchronous manifest requests in EPR

Bug tracking

Call for consensus to move forward with proposed rechartering of WebAppSec WG

Call for Exclusions (Update): Referrer Policy

Call for Exclusions: Mixed Content

CfC: Mixed Content to Last Call?

CfC: Publish a FPWD of "Requirements for Powerful Features"

Clarification of CSP sandbox and workers

CSP3: DOM API Strawman

CSP: Problems with referrer and reflected-xss

Early morning thoughts on referrers.

Frame access

Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)

Netflix, MSE, and EME

Rechartering: Permissions API

Referrer Policy: Same-origin URIs

RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11

Should CSP affect a Notification icon?

snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features"

some testing on workers and sandbox

TPAC survey

webappsec-ACTION-200: Investigate git issue tooling with other w3c groups

webappsec-ACTION-201: Add permissions api to draft charter

webappsec-ACTION-202: Issue cfc on new draft charter

webappsec-ACTION-203: Raise issue for sri large object /streaming integrity

webappsec-ACTION-204: Reply to mark watson that 1/2 of his issue is a last call comment to mix

webappsec-ACTION-205: Does link really violate csp guarantees?

webappsec-ACTION-206: Reply on referrer suggest imperative policy controls in serviceworker

webappsec-ACTION-207: Raise definition of sandboxed worker in html spec

webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]

webappsec-ISSUE-70 (Using ni:/// as CSP source): Investigate using ni:/// as a CSP source expression [CSP Next]

webappsec-ISSUE-71 (JSONP directives): Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interfaces [CSP Level 3]

webappsec-ISSUE-72 (Streaming Integrity): How to apply integrity verification to large / streaming downloads [Subresource Integrity Level 2]

WebRTC Security Assessment

Last message date: Friday, 28 November 2014 17:11:31 UTC