W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2015

new CSP draft.

From: Mike West <mkwst@google.com>
Date: Fri, 4 Dec 2015 14:31:03 +0100
Message-ID: <CAKXHy=eiyJ-45dwqKS6AWkaz3Z_Unw3BJcNuiQ2NUtAq-Ezv8Q@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hello, webappsecians!

At TPAC, we discussed stripping CSP3 down to be a clearer explanation of
CSP2 in terms of Fetch, along with a set of hooks that enable modular
documents to define the new stuff. I'm slowly working towards that goal.

https://w3c.github.io/webappsec-csp/ is substantially rewritten, and I've
started working with our friends in the WHATWG to add relevant hooks to
their version of HTML and Fetch. There's still a little bit of outstanding
work to be done, but it's far enough along that it would be helpful to get
some more eyes on the document before I erroneously convince myself that
it's finished.

Once you finish reading Brad's new UI Security draft, I'd appreciate you
taking a look at this one. :)

-mike
Received on Friday, 4 December 2015 13:32:00 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:16 UTC