public-webappsec@w3.org from November 2014 by thread

[power] simplify 2.1 chaals@yandex-team.ru (Tuesday, 25 November)

[MIX] HTTPS -> non-HTTPS redirects Brian Smith (Tuesday, 25 November)

CfC: Publish a FPWD of "Requirements for Powerful Features" Mike West (Monday, 24 November)

[CSP] outbound links Nottingham, Mark (Sunday, 23 November)

"Requirements for Powerful Features" strawman. Mike West (Thursday, 20 November)

[MIX] Interaction between HSTS and mixed content blocking Brian Smith (Wednesday, 19 November)

some testing on workers and sandbox Brad Hill (Tuesday, 18 November)

Call for consensus to move forward with proposed rechartering of WebAppSec WG Brad Hill (Tuesday, 18 November)

[MIX] Language improvement for authenticated origin definition Mark Watson (Tuesday, 18 November)

[MIX] link rel=icon Pete Freitag (Tuesday, 18 November)

Re: webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next] Deian Stefan (Tuesday, 18 November)

webappsec-ISSUE-72 (Streaming Integrity): How to apply integrity verification to large / streaming downloads [Subresource Integrity Level 2] Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-207: Raise definition of sandboxed worker in html spec Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-206: Reply on referrer suggest imperative policy controls in serviceworker Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-205: Does link really violate csp guarantees? Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-204: Reply to mark watson that 1/2 of his issue is a last call comment to mix Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-203: Raise issue for sri large object /streaming integrity Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-202: Issue cfc on new draft charter Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-201: Add permissions api to draft charter Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-200: Investigate git issue tooling with other w3c groups Web Application Security Working Group Issue Tracker (Monday, 17 November)

[webappsec] Agenda for Teleconference, Monday 17 Nov 2014 Brad Hill (Monday, 17 November)

[Bug 27341] New: consider replacing integrity-metadata ABNF production with a precise prose definition of the datatype/microsyntax bugzilla@jessica.w3.org (Monday, 17 November)

[CSP] PING-- CSP vs. Fetch Daniel Veditz (Saturday, 15 November)

[webappsec] "operator eval" Brad Hill (Friday, 14 November)

Netflix, MSE, and EME Anne van Kesteren (Friday, 14 November)

TPAC survey Brad Hill (Friday, 14 November)

[MIX] Initial feedback on Mixed Content Brian Smith (Friday, 14 November)

Call for Exclusions: Mixed Content Coralie Mercier (Thursday, 13 November)

Rechartering: Permissions API Mounir Lamouri (Wednesday, 12 November)

Re: Clarification of CSP sandbox and workers Anne van Kesteren (Wednesday, 12 November)

[Bug 27302] New: Define an elaboration of #may-document-use-powerful-features that checks ancestor browsing contexts bugzilla@jessica.w3.org (Tuesday, 11 November)

Re: [MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11 timeless (Tuesday, 11 November)

[MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11 timeless@gmail.com (Tuesday, 11 November)

Re: RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11 Mike West (Tuesday, 11 November)

[webappsec] New W3C process and Last Call Brad Hill (Monday, 10 November)

[webappsec] Draft charter for review Brad Hill (Monday, 10 November)

[Bug 27291] New: Referrer: Consider a mechanism to specify a referrer URL. bugzilla@jessica.w3.org (Monday, 10 November)

[webappsec] Rechartering: COWL Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Entry Point Regulation (EPR) Brad Hill (Monday, 10 November)

Early morning thoughts on referrers. Mike West (Monday, 10 November)

[webappsec] Rechartering: additional cookie data Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Web Authentication v.Next Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Secure Introduction of Internet-Connected Things Brad Hill (Monday, 10 November)

[webappsec] Rechartering: sandboxed cross-origin workers Brad Hill (Monday, 10 November)

[webappsec] Rechartering: force secure-only child browsing contexts Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Sub-Origins Brad Hill (Monday, 10 November)

[webappsec] Rechartering: CSP Level 3 Brad Hill (Monday, 10 November)

[webappsec] Rechartering: MIME-type sniffing Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Write-Only Form Elements Brad Hill (Sunday, 9 November)

[webappsec] Rechartering: Credential Management API Brad Hill (Sunday, 9 November)

[CSP] <meta> clarifications Brian Smith (Sunday, 9 November)

Should CSP affect a Notification icon? Daniel Veditz (Sunday, 9 November)

[CSP] Clarifications regarding the HTTP LINK Header Brian Smith (Sunday, 9 November)

Referrer Policy: Same-origin URIs Devdatta Akhawe (Saturday, 8 November)

Re: CfC: Mixed Content to Last Call? Mike West (Friday, 7 November)

Bug tracking Anne van Kesteren (Friday, 7 November)

[CSP] URI/IRI normalization and comparison Brian Smith (Thursday, 6 November)

[CSP] An outline of a taxonomy of CSP directives Brian Smith (Thursday, 6 November)

[CSP] Problems with frame-ancestors; X-Frame-Options not obsolete? Brian Smith (Thursday, 6 November)

Call for Exclusions (Update): Referrer Policy Coralie Mercier (Thursday, 6 November)

[CSP] violation reports for sandbox Brian Smith (Thursday, 6 November)

[CSP] Consistency of CSP hash-source with SRI regarding secure origins Brian Smith (Thursday, 6 November)

[CSP] Clarifications on nonces Brian Smith (Thursday, 6 November)

[CSP] Relative/absolute hostname matching Brian Smith (Thursday, 6 November)

[CSP] URI Query part matching Brian Smith (Thursday, 6 November)

WebRTC Security Assessment Rigo Wenning (Wednesday, 5 November)

Re: [SRI] To trust or not to trust a CDN Brian Smith (Wednesday, 5 November)

Re: [CSP] Additional report field: report-only: "true|false" Brad Hill (Tuesday, 4 November)

Re: [CSP] may we have script-ancestors to protect JSONP call Brad Hill (Tuesday, 4 November)

webappsec-ISSUE-71 (JSONP directives): Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interfaces [CSP Level 3] Web Application Security Working Group Issue Tracker (Tuesday, 4 November)

Re: [CSP] prevent 401 attach Brad Hill (Tuesday, 4 November)

Re: CSP: Problems with referrer and reflected-xss Brad Hill (Tuesday, 4 November)

webappsec-ISSUE-70 (Using ni:/// as CSP source): Investigate using ni:/// as a CSP source expression [CSP Next] Web Application Security Working Group Issue Tracker (Tuesday, 4 November)

Re: Frame access Brad Hill (Monday, 3 November)

Re: [CSP] Implementer differences: window.open Mike West (Monday, 3 November)

Avoiding synchronous manifest requests in EPR David Ross (Monday, 3 November)

[webappsec] TPAC summary Brad Hill (Monday, 3 November)

[SRI] Escaping mixed-content blocking for video distribution Mark Watson (Monday, 3 November)

[SRI] may only be used in documents in secure origins Pete Freitag (Monday, 3 November)

CSP3: DOM API Strawman Mike West (Monday, 3 November)

Re: [MIX] Modifications to script APIs Mike West (Monday, 3 November)

[webappsec] Agenda for Teleconference, Monday 03 Nov 2014 Brad Hill (Monday, 3 November)

Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Brad Hill (Monday, 3 November)

Re: [MIX] 4.5 User Controls Brad Hill (Monday, 3 November)

Last message date: Friday, 28 November 2014 17:11:31 UTC