W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [CSP2] Browser Support

From: Brad Hill <hillbrad@gmail.com>
Date: Tue, 20 Jan 2015 18:40:30 +0000
Message-ID: <CAEeYn8j4Gd3jDJ22cnDpoDG8wk-8yWS2eKxM1i0hoXvYDNuTQw@mail.gmail.com>
To: Jim Manico <jim.manico@owasp.org>, Vítor Magano <magano227@gmail.com>, public-webappsec@w3.org
Chrome is the only implementation I know of right now supporting most of
CSP 2 features - some downstream Blink based browsers like Opera may
inherit it soon.  Firefox supports the nonce and hash source expressions
for inline content but I'm not aware of other support at this time.  Not
really sure about the state of the IE preview.

-Brad

On Mon Jan 19 2015 at 12:52:24 PM Jim Manico <jim.manico@owasp.org> wrote:

>  Vítor,
>
> Perhaps build a CSP2 set of test cases as part of your thesis? I am sure
> the community would really like that research done.
>
> Aloha,
> Jim
>
>
> On 1/16/15 6:21 AM, Vítor Magano wrote:
>
> Hello,
> I’m doing my thesis about Content Security Policy in Portugal and I’ve
> been doing my research. I’ve found a lot of information but there is
> something I can’t find, detailed information about browser support related
> to Content Security Policy Level 2. I’ve found a website about Google
> Chrome which says that starting from version 41 CSP2 will be enabled by
> default but I still don’t know since when they have the experimental
> implementation. I would like, if possible, to have this information related
> with the main browsers.
>
>  Best Regards,
>  --
> Vítor Magano
>
>
>
Received on Tuesday, 20 January 2015 18:40:58 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC