W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2015

CSP: Feedback welcome.

From: Mike West <mkwst@google.com>
Date: Thu, 22 Oct 2015 18:11:56 +0200
Message-ID: <CAKXHy=eU0sGP27c=DfQ0j4ZGKGGS9Acyz+pv24VgJT8TZ28z5g@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
I had delusions of "finishing" a first cut at rewriting CSP before
TPAC; that's not going to happen. https://w3c.github.io/webappsec-csp/
is getting pretty close, though, and I think it's significantly
clearer on a number of points than the CR is.

The current draft doesn't add much (any?) functionality above and
beyond CSP2. It merely attempts to clarify and explain the rough edges
that draft left. To that end, I'd appreciate it if folks could skim
through to get more eyes on the Fetch and HTML integrations, as well
as the general structure and content of the document.

I'm looking forward to talking about some of the new stuff at TPAC,
and to working with y'all to hammer things out over the next month or
two. :)

-mike
Received on Thursday, 22 October 2015 16:12:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:52 UTC