W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: CSP3 as a polylithic set of modules?

From: Jim Manico <jim.manico@owasp.org>
Date: Mon, 28 Sep 2015 15:44:17 -1000
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Mark Nottingham <mnot@mnot.net>, Travis Leithead <Travis.Leithead@microsoft.com>
Message-Id: <5A0B5493-DD26-4E72-A919-21C527862319@owasp.org>
To: Brian Smith <brian@briansmith.org>
May I suggest for category 1a:

"Features from later modules that are 'easy' to implement."

The browsers have been all over the map in terms of csp2 implementation and this idea of "browser implementation guidance" and modularization for csp3 is an excellent idea.

But I would hate to see "easy to implement" features from the latter modules take a overly long time to get rolled out.

Jim Manico
Global Board Member
OWASP Foundation
Join me at AppSecUSA 2015!

> On Sep 28, 2015, at 11:15 AM, Brian Smith <brian@briansmith.org> wrote:
> 1. Features that everybody implements (approximately CSP 1). 

Received on Tuesday, 29 September 2015 01:44:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:52 UTC