CSP: Feedback welcome. from Mike West on 2015-10-22 (public-webappsec@w3.org from October 2015)

From: Mike West <mkwst@google.com>
Date: Thu, 22 Oct 2015 18:11:56 +0200
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
Message-ID: <CAKXHy=eU0sGP27c=DfQ0j4ZGKGGS9Acyz+pv24VgJT8TZ28z5g@mail.gmail.com>

I had delusions of "finishing" a first cut at rewriting CSP before
TPAC; that's not going to happen. https://w3c.github.io/webappsec-csp/
is getting pretty close, though, and I think it's significantly
clearer on a number of points than the CR is.

The current draft doesn't add much (any?) functionality above and
beyond CSP2. It merely attempts to clarify and explain the rough edges
that draft left. To that end, I'd appreciate it if folks could skim
through to get more eyes on the Fetch and HTML integrations, as well
as the general structure and content of the document.

I'm looking forward to talking about some of the new stuff at TPAC,
and to working with y'all to hammer things out over the next month or
two. :)

-mike

Received on Thursday, 22 October 2015 16:12:44 UTC