from October 2015 by subject

[CSP] Difference in browser behaviour for 304 responses

[CSP] Script/Style hash and text normalization

[mixed-content] DASH Players and Mixed Content

[permissions] privacy concern with Permissions API/granted status and events

[powerful-features] feedback

[powerful-features] Framing

[powerful-features] Some comments

[SRI] Call for Consensus: Subresource Integrity to Candidate Recommenation

[SRI] comments

[SRI] Shared Cache through `sharedcache` attribute

[webappsec] Invitation to edit: TPAC agenda

[webappsec] Teleconference Agenda 19-Oct-2015

[webappsec] Teleconference Agenda 5-Oct-2015

[webappsec] Teleconference, Monday, 02-Nov-2015 CANCELLED

Call for Exclusions: Confinement with Origin Web Labels

Call for Exclusions: Upgrade Insecure Requests; Mixed Content


CSP3 as a polylithic set of modules?

CSP: Feedback welcome.

Fwd: Intent To Implement: UI Security / "IronFrame"

Fwd: Password generation classes

Move `referrer` from CSP to some other header.

Non-browser implementation of CSP (was Re: CSP3 as a polylithic set of modules?)

Referrer value for resources fetched from CSS

referrer-policy attribute

Regrets (Re: [webappsec] Teleconference Agenda 5-Oct-2015)

Reminder regarding normative references

Removal of reflected-xss from CSP3 (was Re: Move `referrer` from CSP to some other header.)

Security Review - Chrome Native Messaging

Security Review of the Google Web Payment API Proposal

Signed JavaScript/JSON Objects using ES6

SRI: ready for CR

Starting to create new repositories.

Testing W3C's HTTPS setup

Last message date: Thursday, 29 October 2015 18:44:34 UTC