Re: CSP Plugin from Jim Manico on 2015-08-27 (public-webappsec@w3.org from August 2015)

From: Jim Manico <jim.manico@owasp.org>
Date: Thu, 27 Aug 2015 15:07:59 -0700
To: Brad Hill <hillbrad@gmail.com>
Cc: Kepeng Li <kepeng.lkp@alibaba-inc.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-Id: <1F501F32-5033-42DF-8D67-72AECD625E50@owasp.org>

> Flash, Java and Silverlight all have special rules about requesting policy files and enabling SOP bypasses based on them...

Can I have "client side technologies that should be fully banned from the browser" for 500, Alex?

--
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org
Join me at AppSecUSA 2015!

> On Aug 27, 2015, at 11:10 AM, Brad Hill <hillbrad@gmail.com> wrote:
> 
> Flash, Java and Silverlight all have special rules about requesting policy files and enabling SOP bypasses based on them, treating

Received on Thursday, 27 August 2015 22:08:30 UTC