public-webappsec@w3.org from January 2015 by thread

Re: postMessage, workers and sandboxing Deian Stefan (Friday, 30 January)

Re: CSP3: DOM API Strawman Deian Stefan (Friday, 30 January)

[CSP] CSP3: Request for comments on message-src and message-sink Deian Stefan (Friday, 30 January)

Security use cases for packaging Yan Zhu (Thursday, 29 January)

POWER: Combining document and settings object checks. Mike West (Thursday, 29 January)

[SRI] Suggesting Francois Marier (Mozilla) as editor Frederik Braun (Wednesday, 28 January)

CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? david kaye (Tuesday, 27 January)

CfC: Transition CSP2 to CR. Mike West (Tuesday, 27 January)

[MIX] HSTS, SW and mixed-content Yves Lafon (Tuesday, 27 January)

Service workers and CSP Anne van Kesteren (Tuesday, 27 January)

[SRI] format of the integrity attribute Francois Marier (Tuesday, 27 January)

Proposal: A pinning mechanism for CSP? Mike West (Friday, 23 January)

Cancelling next week's call? Brad Hill (Thursday, 22 January)

Re: [CSP] Clarifications on nonces Mike West (Thursday, 22 January)

Re: [CSP] Dynamic CSP Mike West (Thursday, 22 January)

CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West (Wednesday, 21 January)

CREDENTIAL: And now for something completely different... Mike West (Wednesday, 21 January)

[CSP2] Browser Support Vítor Magano (Friday, 16 January)

[CSP2] Browser Support Vítor Magano (Sunday, 18 January)

CSP Versions in Violation Reports Boris Chen (Monday, 19 January)

[SRI] Reserving the "authority" component of NI URIs for later use? Francois Marier (Sunday, 18 January)

[CSP] Accepting base64-url Joel Weinberger (Friday, 16 January)

Re: [CSP] Clarifications regarding the HTTP LINK Header Mike West (Friday, 16 January)

Plugin data (was Re: Comments on Mixed Content) Tanvi Vyas (Thursday, 15 January)

Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Tanvi Vyas (Thursday, 15 January)

Re: [CSP] URI/IRI normalization and comparison Mike West (Thursday, 15 January)

Re: [CSP] Problems with frame-ancestors; X-Frame-Options not obsolete? Mike West (Thursday, 15 January)

Re: [CSP] <meta> clarifications Mike West (Thursday, 15 January)

Re: [CSP] violation reports for sandbox Mike West (Thursday, 15 January)

Re: [CSP] Relative/absolute hostname matching Mike West (Thursday, 15 January)

Re: [MIX] PF comments on Mixed Content - accessible indication and user controls Michael Cooper (Wednesday, 14 January)

RE: Comments on Mixed Content David Walp (Tuesday, 13 January)

webappsec-ACTION-211: Ask github if they prefer fail open / closed on unknown hashes Web Application Security Working Group Issue Tracker (Monday, 12 January)

webappsec-ACTION-210: Move sri bugs in bugzilla to github Web Application Security Working Group Issue Tracker (Monday, 12 January)

webappsec-ACTION-209: Ask open data/linked data groups for info on data publishing for use in secure context Web Application Security Working Group Issue Tracker (Monday, 12 January)

[webappsec] Teleconference Agenda, 12-Jan-2015 12:00 PST Brad Hill (Monday, 12 January)

[CORS] Implementation Report links in CORS REC return errors Arthur Barstow (Friday, 9 January)

[CSP] Geotargetting? Jacob Bednarz (Friday, 9 January)

Re: Avoiding syncronous manifest requests in EPR David Ross (Thursday, 8 January)

Accessibility of security indicators chaals@yandex-team.ru (Thursday, 8 January)

Re: Comments on Mixed Content Mike West (Thursday, 8 January)

Re: [CSP] How to interpret 'self' in a sandboxed iframe Mike West (Thursday, 8 January)

Re: [SRI] providing good defaults when the expected content type is missing? Mike West (Thursday, 8 January)

Re: [CSP3] Allow paths without a domain Mike West (Thursday, 8 January)

Re: [CSP3] Allow plugin-types "none" Mike West (Thursday, 8 January)

Re: [REFERRER] Combination of referrer directive values Mike West (Thursday, 8 January)

Adding window.opener control to referrer-policy? Brad Hill (Wednesday, 7 January)

[SRI] Include sha-384 in the spec? Francois Marier (Wednesday, 7 January)

[Integrity] typos with ni URIs Manger, James (Wednesday, 7 January)

[Bug 27748] New: Value of @integrity attribute not sufficiently prescriptive bugzilla@jessica.w3.org (Monday, 5 January)

[Bug 27747] New: Integrity of font content bugzilla@jessica.w3.org (Monday, 5 January)

[Bug 27746] New: Integrity of image content bugzilla@jessica.w3.org (Monday, 5 January)

[Bug 27745] New: Should define the term 'integrity' bugzilla@jessica.w3.org (Monday, 5 January)

[Bug 27744] New: Should define the term 'subresource' bugzilla@jessica.w3.org (Monday, 5 January)

[SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? Francois Marier (Monday, 5 January)

Re: [SRI] unsupported hashes and invalid metadata Devdatta Akhawe (Saturday, 3 January)

Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure Jim Manico (Friday, 2 January)

[MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Tim Berners-Lee (Friday, 2 January)

[CSP3] 404 error from https://w3c.github.io/webappsec/specs/content-security-policy/ Seb Schmoller (Tuesday, 30 December)

Last message date: Saturday, 31 January 2015 04:10:26 UTC