public-webappsec@w3.org from January 2016 by thread

Allow auto-resize on iframe Craig Francis (Sunday, 31 January)

Allow auto-resize on iframe Craig Francis (Sunday, 31 January)

Re: Proposal: Marking HTTP As Non-Secure jirkadanek7@gmail.com (Thursday, 28 January)

• Re: Proposal: Marking HTTP As Non-Secure Chris Palmer (Thursday, 28 January)
  • Re: Proposal: Marking HTTP As Non-Secure Chris Palmer (Friday, 29 January)
    • Re: Proposal: Marking HTTP As Non-Secure Jim Manico (Saturday, 30 January)
  • Re: Proposal: Marking HTTP As Non-Secure Eitan Adler (Saturday, 30 January)
    • Re: Proposal: Marking HTTP As Non-Secure Eric Mill (Sunday, 31 January)

[webappsec] Face to Face meeting survey Brad Hill (Wednesday, 27 January)

• Re: [webappsec] Face to Face meeting survey Brad Hill (Wednesday, 27 January)

Permissions work - status and intent to update Harald Alvestrand (Wednesday, 27 January)

• Re: Permissions work - status and intent to update Harald Alvestrand (Wednesday, 27 January)

Secure Contexts to CR? (Re: [webappsec] Teleconference Agenda: 27-Jan-2016) Mike West (Tuesday, 26 January)

Call for Exclusions: Content Security Policy Level 3 Xueyuan Jia (Tuesday, 26 January)

[webappsec] Teleconference Agenda: 27-Jan-2016 Brad Hill (Monday, 25 January)

preflighted CORS requests and redirects: principally impossible? Nico Schlömer (Friday, 22 January)

• Re: preflighted CORS requests and redirects: principally impossible? Anne van Kesteren (Friday, 22 January)
  • Re: preflighted CORS requests and redirects: principally impossible? Nico Schlömer (Friday, 22 January)
    • Re: preflighted CORS requests and redirects: principally impossible? Utkarsh Upadhyay (Friday, 22 January)
      • Re: preflighted CORS requests and redirects: principally impossible? Jonathan Kingston (Friday, 22 January)
        • Re: preflighted CORS requests and redirects: principally impossible? Utkarsh Upadhyay (Sunday, 24 January)
    • Re: preflighted CORS requests and redirects: principally impossible? Anne van Kesteren (Sunday, 24 January)

Request for input on Foreign Fetch Anne van Kesteren (Friday, 22 January)

• Re: Request for input on Foreign Fetch Mike West (Wednesday, 27 January)
  • Re: Request for input on Foreign Fetch Anne van Kesteren (Wednesday, 27 January)
    • Re: Request for input on Foreign Fetch Martin Thomson (Wednesday, 27 January)
      • Re: Request for input on Foreign Fetch Anne van Kesteren (Wednesday, 27 January)
        • Re: Request for input on Foreign Fetch Martin Thomson (Thursday, 28 January)
          • Re: Request for input on Foreign Fetch Ben Gidley (Thursday, 28 January)
            • Re: Request for input on Foreign Fetch Anne van Kesteren (Thursday, 28 January)
          • Re: Request for input on Foreign Fetch Anne van Kesteren (Thursday, 28 January)
            • Re: Request for input on Foreign Fetch Martin Thomson (Thursday, 28 January)
            • Re: Request for input on Foreign Fetch Anne van Kesteren (Thursday, 28 January)

In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Thursday, 21 January)

• In-browser sanitization vs. a “Safe Node” in the DOM Conrad Irwin (Thursday, 21 January)
  • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Thursday, 21 January)
  • Re: In-browser sanitization vs. a “Safe Node” in the DOM Craig Francis (Friday, 22 January)
    • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Friday, 22 January)
      • Re: In-browser sanitization vs. a “Safe Node” in the DOM Chris Palmer (Friday, 22 January)
        • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Friday, 22 January)
          • RE: In-browser sanitization vs. a “Safe Node” in the DOM Crispin Cowan (Friday, 22 January)
          • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Friday, 22 January)
          • Re: In-browser sanitization vs. a “Safe Node” in the DOM Chris Palmer (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Friday, 22 January)
            • RE: In-browser sanitization vs. a “Safe Node” in the DOM Crispin Cowan (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Jim Manico (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Michal Zalewski (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Jim Manico (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Jim Manico (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Jim Manico (Saturday, 23 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Saturday, 23 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Saturday, 23 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Jim Manico (Saturday, 23 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Saturday, 23 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Saturday, 23 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Jim Manico (Saturday, 23 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Jim Manico (Saturday, 23 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Jim Manico (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Saturday, 23 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Saturday, 23 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Chris Palmer (Friday, 22 January)
            • Re: In-browser sanitization vs. a “Safe Node” in the DOM Chris Palmer (Friday, 22 January)
• Re: In-browser sanitization vs. a “Safe Node” in the DOM Anne van Kesteren (Friday, 22 January)
• Re: In-browser sanitization vs. a “Safe Node” in the DOM Michaela Merz (Thursday, 21 January)
• In-browser sanitization vs. a “Safe Node” in the DOM Andrew Sutherland (Saturday, 23 January)
  • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Monday, 25 January)
    • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Monday, 25 January)
    • Re: In-browser sanitization vs. a “Safe Node” in the DOM Andrew Sutherland (Monday, 25 January)
      • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Tuesday, 26 January)
        • Re: In-browser sanitization vs. a “Safe Node” in the DOM David Ross (Tuesday, 26 January)

[SRI] Increasing Cacheable Content as a goal Slim Amamou (Wednesday, 20 January)

• Re: [SRI] Increasing Cacheable Content as a goal Brad Hill (Wednesday, 20 January)
  • Re: [SRI] Increasing Cacheable Content as a goal Slim Amamou (Wednesday, 20 January)

Security / Technical feedback on subresource integrity specification Mhano Harkness (Tuesday, 19 January)

• [SRI] Re: Security / Technical feedback on subresource integrity specification Frederik Braun (Tuesday, 19 January)
• Re: Security / Technical feedback on subresource integrity specification Francois Marier (Wednesday, 20 January)
  • Re: Security / Technical feedback on subresource integrity specification Richard Barnes (Wednesday, 20 January)
    • Re: Security / Technical feedback on subresource integrity specification Jonathan Kingston (Wednesday, 20 January)
• Re: Security / Technical feedback on subresource integrity specification Mhano Harkness (Wednesday, 20 January)
  • Re: Security / Technical feedback on subresource integrity specification Mhano Harkness (Wednesday, 20 January)

Re: HSTS priming vs preloading Mike West (Monday, 18 January)

• Re: HSTS priming vs preloading Richard Barnes (Monday, 18 January)
• Re: HSTS priming vs preloading Eric Mill (Monday, 18 January)
  • Re: HSTS priming vs preloading Mike West (Monday, 18 January)
    • Re: HSTS priming vs preloading Eric Mill (Monday, 18 January)
  • Re: HSTS priming vs preloading Jim Manico (Tuesday, 19 January)
    • Re: HSTS priming vs preloading Richard Barnes (Tuesday, 19 January)
      • Re: HSTS priming vs preloading Jim Manico (Tuesday, 19 January)

Signed JavaScript/JSON using ES6 + Google V8 Anders Rundgren (Friday, 15 January)

Summary of major differences between COWL and Suborigins Joel Weinberger (Thursday, 14 January)

• Re: Summary of major differences between COWL and Suborigins Deian Stefan (Saturday, 23 January)

Call for Exclusions (Update): Confinement with Origin Web Labels Xueyuan Jia (Thursday, 14 January)

[powerful features] Secure Contexts and Framed Documents Rich Tibbett (Wednesday, 13 January)

• Re: [powerful features] Secure Contexts and Framed Documents Anne van Kesteren (Wednesday, 13 January)
  • Re: [powerful features] Secure Contexts and Framed Documents Joel Weinberger (Wednesday, 13 January)
    • Re: [powerful features] Secure Contexts and Framed Documents Anne van Kesteren (Wednesday, 13 January)
  • Re: [powerful features] Secure Contexts and Framed Documents Rich Tibbett (Wednesday, 13 January)
    • Re: [powerful features] Secure Contexts and Framed Documents Anne van Kesteren (Wednesday, 13 January)
      • Re: [powerful features] Secure Contexts and Framed Documents Rich Tibbett (Wednesday, 13 January)
        • Re: [powerful features] Secure Contexts and Framed Documents Chris Palmer (Wednesday, 13 January)

[sritest.io] New Website SRI Scanner Service Gabor Szathmari (Wednesday, 13 January)

PDF alternative using HTML (proposal) Craig Francis (Tuesday, 12 January)

• Re: PDF alternative using HTML (proposal) Adrian Hope-Bailie (Tuesday, 12 January)
  • Re: PDF alternative using HTML (proposal) Craig Francis (Tuesday, 12 January)
    • Re: PDF alternative using HTML (proposal) Wendy Seltzer (Tuesday, 12 January)
      • Re: PDF alternative using HTML (proposal) Craig Francis (Thursday, 14 January)
        • RE: PDF alternative using HTML (proposal) Crispin Cowan (Sunday, 17 January)
          • Re: PDF alternative using HTML (proposal) Craig Francis (Sunday, 17 January)
            • RE: PDF alternative using HTML (proposal) Crispin Cowan (Sunday, 17 January)
            • Re: PDF alternative using HTML (proposal) Craig Francis (Monday, 18 January)
            • RE: PDF alternative using HTML (proposal) Crispin Cowan (Monday, 18 January)
    • Re: PDF alternative using HTML (proposal) Ángel González (Saturday, 16 January)
      • Re: PDF alternative using HTML (proposal) Craig Francis (Monday, 18 January)
• Re: PDF alternative using HTML (proposal) Craig Francis (Monday, 18 January)
• Re: PDF alternative using HTML (proposal) James May (Monday, 18 January)
  • Re: PDF alternative using HTML (proposal) Craig Francis (Tuesday, 19 January)

[webappsec] Teleconference Agenda 13-Jan-2016 Brad Hill (Tuesday, 12 January)

Proposal to add a browsing context named "_private" Utkarsh Upadhyay (Monday, 11 January)

• Re: Proposal to add a browsing context named "_private" Richard Barnes (Monday, 11 January)
  • Re: Proposal to add a browsing context named "_private" Patrick Toomey (Monday, 11 January)
    • Re: Proposal to add a browsing context named "_private" timeless (Monday, 11 January)
      • Re: Proposal to add a browsing context named "_private" Patrick Toomey (Monday, 11 January)
      • Re: Proposal to add a browsing context named "_private" Joel Weinberger (Monday, 11 January)
        • RE: Proposal to add a browsing context named "_private" Crispin Cowan (Monday, 11 January)
        • Re: Proposal to add a browsing context named "_private" Utkarsh Upadhyay (Monday, 11 January)
          • Re: Proposal to add a browsing context named "_private" Joel Weinberger (Monday, 11 January)
            • Re: Proposal to add a browsing context named "_private" Utkarsh Upadhyay (Tuesday, 12 January)
            • RE: Proposal to add a browsing context named "_private" Crispin Cowan (Tuesday, 12 January)
            • Re: Proposal to add a browsing context named "_private" Anne van Kesteren (Tuesday, 12 January)
            • Re: Proposal to add a browsing context named "_private" Utkarsh Upadhyay (Tuesday, 12 January)
            • RE: Proposal to add a browsing context named "_private" Crispin Cowan (Tuesday, 12 January)
            • Re: Proposal to add a browsing context named "_private" Utkarsh Upadhyay (Thursday, 14 January)
            • Re: Proposal to add a browsing context named "_private" Joel Weinberger (Thursday, 14 January)
            • RE: Proposal to add a browsing context named "_private" Crispin Cowan (Thursday, 14 January)
            • Re: Proposal to add a browsing context named "_private" Utkarsh Upadhyay (Sunday, 24 January)

Fwd: HTTPS/HSTS support on www.w3.org servers Wendy Seltzer (Monday, 11 January)

Re: new CSP draft. Jonathan Kingston (Sunday, 10 January)

• Re: new CSP draft. Mike West (Monday, 11 January)
  • Re: new CSP draft. Jonathan Kingston (Tuesday, 12 January)
• Re: new CSP draft. Oda, Terri (Monday, 11 January)
  • Re: new CSP draft. Mike West (Tuesday, 12 January)

CfC: CSP3 to FPWD; deadline January 15th. Mike West (Friday, 8 January)

Header size and policy delivery Jonathan Kingston (Thursday, 7 January)

• Re: Header size and policy delivery Martin Thomson (Thursday, 7 January)
  • Re: Header size and policy delivery Patrick Toomey (Thursday, 7 January)
    • Re: Header size and policy delivery Martin Thomson (Thursday, 7 January)
      • Re: Header size and policy delivery Patrick Toomey (Thursday, 7 January)
        • Re: Header size and policy delivery Martin Thomson (Thursday, 7 January)
    • RE: Header size and policy delivery Mike O'Neill (Thursday, 7 January)

Call for Consensus: Mixed Content to Proposed Recommendation Brad Hill (Tuesday, 5 January)

• Re: Call for Consensus: Mixed Content to Proposed Recommendation Wendy Seltzer (Tuesday, 5 January)

Call for Consensus: SRI to Proposed Recommendation Brad Hill (Tuesday, 5 January)

Re: [CSP] "sri" source expression to enforce SRI Patrick Toomey (Monday, 4 January)

• Re: [CSP] "sri" source expression to enforce SRI Nottingham, Mark (Tuesday, 5 January)
  • RE: [CSP] "sri" source expression to enforce SRI Mike O'Neill (Tuesday, 5 January)
    • Re: [CSP] "sri" source expression to enforce SRI Jonathan Kingston (Tuesday, 5 January)
      • RE: [CSP] "sri" source expression to enforce SRI Mike O'Neill (Tuesday, 5 January)
        • Re: [CSP] "sri" source expression to enforce SRI Joel Weinberger (Wednesday, 6 January)
          • Re: [CSP] "sri" source expression to enforce SRI Eduardo Robles Elvira (Saturday, 9 January)

Limiting requests from the internet to the intranet. Mike West (Monday, 4 January)

• Re: Limiting requests from the internet to the intranet. Eric Mill (Monday, 4 January)
• Re: Limiting requests from the internet to the intranet. Erik Nygren (Monday, 4 January)
  • Re: Limiting requests from the internet to the intranet. Richard Barnes (Monday, 4 January)
    • Re: Limiting requests from the internet to the intranet. Mike West (Monday, 4 January)
      • Re: Limiting requests from the internet to the intranet. Chris Palmer (Monday, 4 January)
        • Re: Limiting requests from the internet to the intranet. Mike West (Monday, 4 January)
          • Re: Limiting requests from the internet to the intranet. Chris Palmer (Monday, 4 January)
            • Re: Limiting requests from the internet to the intranet. Mike West (Monday, 4 January)
            • Re: Limiting requests from the internet to the intranet. Justin Schuh (Monday, 4 January)
            • Re: Limiting requests from the internet to the intranet. Chris Palmer (Monday, 4 January)
            • Re: Limiting requests from the internet to the intranet. Justin Schuh (Monday, 4 January)
          • Re: Limiting requests from the internet to the intranet. Oda, Terri (Wednesday, 6 January)
            • Re: Limiting requests from the internet to the intranet. Chris Palmer (Wednesday, 6 January)
            • Re: Limiting requests from the internet to the intranet. Justin Schuh (Wednesday, 6 January)
    • Re: Limiting requests from the internet to the intranet. Nottingham, Mark (Monday, 4 January)
      • Re: Limiting requests from the internet to the intranet. Erik Nygren (Monday, 4 January)
        • Re: Limiting requests from the internet to the intranet. Mike West (Friday, 8 January)
          • Re: Limiting requests from the internet to the intranet. Richard Barnes (Friday, 8 January)
            • Re: Limiting requests from the internet to the intranet. Erik Nygren (Friday, 8 January)
• Re: Limiting requests from the internet to the intranet. Sergey Shekyan (Monday, 4 January)
• Re: Limiting requests from the internet to the intranet. Brian Smith (Friday, 8 January)
  • Re: Limiting requests from the internet to the intranet. Justin Schuh (Friday, 8 January)
    • Re: Limiting requests from the internet to the intranet. Devdatta Akhawe (Saturday, 9 January)
    • Re: Limiting requests from the internet to the intranet. Brian Smith (Saturday, 9 January)
• Re: Limiting requests from the internet to the intranet. Richard Barnes (Wednesday, 13 January)

Last message date: Sunday, 31 January 2016 19:02:13 UTC