Friday, 31 October 2014
- Re: [SRI] To trust or not to trust a CDN
- Re: [CSP] Implementer differences: window.open
- RE: Implementer differences
- [CSP] Implementer differences: window.open
- Re: Implementer differences
- RE: Implementer differences
- RE: [MIX] 4.5 User Controls
- Re: [MIX] 4.5 User Controls
- Re: [MIX] 4.5 User Controls
- Re: [MIX] Modifications to script APIs
- Re: [MIX] Modifications to script APIs
- Re: [MIX] 6.1 May browsing context use powerful features?
- Re: [MIX] 4.5 User Controls
- Re: [MIX] 5.1 Does settings object restrict mixed content?
- Re: [SRI] To trust or not to trust a CDN
Thursday, 30 October 2014
- Re: Implementer differences
- Re: [MIX] 5.1 Does settings object restrict mixed content?
- Implementer differences
- Re: [MIX] 4.5 User Controls
- Re: [MIX] 6.1 May browsing context use powerful features?
- Re: [MIX] 5.1 Does settings object restrict mixed content?
- Re: [MIX] Normative statements in 4.1 Resource Fetching
- Re: [MIX] Modifications to script APIs
- Re: [MIX] 5.1 Does settings object restrict mixed content?
- Re: [MIX] 5.1 Does settings object restrict mixed content?
- Re: [MIX] 5.1 Does settings object restrict mixed content?
- Re: [MIX] 5.1 Does settings object restrict mixed content?
- Re: [MIX] 5.1 Does settings object restrict mixed content?
- Re: [MIX] 5.1 Does settings object restrict mixed content?
- Re: [MIX] Modifications to script APIs
- Re: [MIX] Normative statements in 4.1 Resource Fetching
- Re: [MIX] 4.5 User Controls
- [MIX] 6.1 May browsing context use powerful features?
- Re: [MIX] Modifications to script APIs
- Re: [MIX] Normative statements in 4.1 Resource Fetching
- Re: [MIX] 4.5 User Controls
- Re: Permission that spans browsing contexts
- [MIX] 5.1 Does settings object restrict mixed content?
- [MIX] 4.5 User Controls
- [MIX] Normative statements in 4.1 Resource Fetching
- [MIX] Modifications to script APIs
- Permission that spans browsing contexts
- Re: CfC: Mixed Content to Last Call?
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] To trust or not to trust a CDN
- Re: CfC: Mixed Content to Last Call?
Monday, 27 October 2014
Wednesday, 29 October 2014
- Re: [MIX] Is origin an authenticated origin?
- Re: [SRI] To trust or not to trust a CDN
- Re: CfC: Mixed Content to Last Call?
- Frame access
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] To trust or not to trust a CDN
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: Minimum viable SRI?
- Re: [SRI] To trust or not to trust a CDN
- CfC: Mixed Content to Last Call?
- Re: [SRI] To trust or not to trust a CDN
- Re: FYI: Starting on CSP Next.
- Re: FYI: Starting on CSP Next.
- Re: Minimum viable SRI?
- Minimum viable SRI?
- FYI: Starting on CSP Next.
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] To trust or not to trust a CDN
- Re: [SRI] To trust or not to trust a CDN
Tuesday, 28 October 2014
- [webappsec] do we want a way to hash data: and blob: uris?
- [SRI] To trust or not to trust a CDN
- [webappsec] TPAC agenda changes
- Re: [webappsec] F2F at TPAC on hold
- Re: [MIX] Is origin an authenticated origin?
- [webappsec] F2F at TPAC on hold
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- Re: No-context ACTION emails are confusing
- No-context ACTION emails are confusing
- webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]
Monday, 27 October 2014
- [webappsec] survey results
- webappsec-ACTION-199: Keep topic of internet/intranet connectivity and https on the w3c radar
- webappsec-ACTION-198: Take bookmarklets discussion back to the list
- Re: [CSP] Inconsistency between Source hash introduction and Source hash usage
- Re: webappsec-ACTION-196: Remove intranet/internet section from Mixed Content spec
- Re: [integrity] Different ways to associate integrity information
- webappsec-ACTION-197: Schedule an ad-hoc at TPAC 2014 (+wseltzer, +plh, +robin, +tbl?)
- webappsec-ACTION-196: Remove intranet/internet section from Mixed Content spec
- Re: [CSP] Inconsistency between Source hash introduction and Source hash usage
- Re: [referrer] HTTPS->HTTP
- Re: [webappsec] Topics for Rechartering
- Re: [referrer] HTTPS->HTTP
- Re: [referrer] HTTPS->HTTP
- Re: [CSP] Inconsistency between Source hash introduction and Source hash usage
- webappsec-ACTION-195: Respond to Hatter Jiang on JSONP directives - under consideration for v.Next
- webappsec-ACTION-194: Respond to Hatter Jiang on 401 attach
- webappsec-ISSUE-68 (401 prompting by subresources): How to manage 401 phishing prompts by subresources
- webappsec-ACTION-193: Respond to Brian Smith on referrer-policy
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- webappsec-ACTION-192: Evaluate control over nesting depth.
- webappsec-ACTION-191: Inconsistency in source hash description
- webappsec-ACTION-190: Is reflected-xss directive at risk?
Sunday, 26 October 2014
Friday, 24 October 2014
Saturday, 25 October 2014
- RE: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- RE: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
Friday, 24 October 2014
- [webappsec] updated (but still draft) TPAC agenda
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: [integrity] content-addressable cache?
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: [integrity] Different ways to associate integrity information
- Re: [referrer] HTTPS->HTTP
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Service workers, dedicated workers, and the environment settings object
- Re: [referrer] HTTPS->HTTP
- Re: [referrer] HTTPS->HTTP
- Re: [referrer] HTTPS->HTTP
- Re: [referrer] HTTPS->HTTP
- Re: [referrer] HTTPS->HTTP
- Re: [referrer] HTTPS->HTTP
- Re: [referrer] HTTPS->HTTP
- Re: [integrity] Different ways to associate integrity information
- Re: [referrer] HTTPS->HTTP
- Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Re: [referrer] HTTPS->HTTP
- Re: [referrer] HTTPS->HTTP
- Re: [referrer] HTTPS->HTTP
- Re: [referrer] HTTPS->HTTP
- [referrer] HTTPS->HTTP
- [integrity] Different ways to associate integrity information
- Re: [integrity] content-addressable cache?
Thursday, 23 October 2014
- [webappsec] Rough and preliminary TPAC agenda for WebAppSec
- Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note
Wednesday, 22 October 2014
Thursday, 23 October 2014
- RE: Allow dynamically inserted <script>-Tags from trustworthy Scripts
- Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- Re: [MIX] Is origin an authenticated origin?
- [MIX] Is origin an authenticated origin?
- Re: [MIX] feedback
- Re: [MIX] feedback
- Re: [MIX] feedback
- Re: [MIX] feedback
- Re: [MIX] feedback
- Re: [MIX] feedback
- [MIX] feedback
Wednesday, 22 October 2014
- RE: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- RE: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
Tuesday, 21 October 2014
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts
- Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts
- Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts
- Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note
- Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note
- Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note
Monday, 20 October 2014
- [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note
- [webappsec] Call for Consensus: CSP Level 2 to Candidate Recommendation
- [webappsec] Survey on WebAppSec Charter v.Next work
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: referrer policy questions
- Re: referrer policy questions
- Re: referrer policy questions
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: referrer policy questions
- Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- referrer policy questions
- Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- Re: [webappsec] Topics for Rechartering
Sunday, 19 October 2014
- [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- [webappsec] Topics for Rechartering
Friday, 17 October 2014
Thursday, 16 October 2014
Friday, 17 October 2014
Thursday, 16 October 2014
- Re: NTP vs. HSTS
- Re: NTP vs. HSTS
- Re: [webappsec] draft new WG home page
- Re: NTP vs. HSTS
- Re: NTP vs. HSTS
- NTP vs. HSTS
- Re: [Credential Management]: Tiny prototype to play around with.
- [Credential Management]: Tiny prototype to play around with.
Tuesday, 14 October 2014
- Re: [webappsec] draft new WG home page
- Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts
- Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts
- Re: [webappsec] draft new WG home page
Monday, 13 October 2014
Thursday, 9 October 2014
Wednesday, 8 October 2014
- webappsec-ACTION-189: Evaluatescript-ancestors
- webappsec-ACTION-188: Evaluate json-src
- Re: [integrity] content-addressable cache?
- Agenda for WebAppSec WG teleconference Wednesday Oct 8
Tuesday, 7 October 2014
Monday, 6 October 2014
- Re: [webappsec] SRI : allow multiple integrity attributes or ni:// uris?
- [webappsec] SRI : allow multiple integrity attributes or ni:// uris?
- Re: [integrity] content-addressable cache?
- This week's teleconference - keep it Wednesday for one more week
- Re: [integrity] content-addressable cache?
- Re: [integrity] content-addressable cache?
- Re: [integrity] content-addressable cache?
- Re: [integrity] content-addressable cache?
- Re: [integrity] content-addressable cache?
- Re: [integrity] content-addressable cache?
- [integrity] content-addressable cache?