CSP: Embedded Enforcement from Mike West on 2016-09-09 (public-webappsec@w3.org from September 2016)

From: Mike West <mkwst@google.com>
Date: Fri, 9 Sep 2016 12:03:25 +0200
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=fRFejtkVsUQDJoT4eRNmqabspfrk6Nc4cW0H=jATd7EA@mail.gmail.com>

Hello, public-webappsec!

I've just published a new working draft of CSP: Embedded Enforcement (
https://w3c.github.io/webappsec-csp/embedded/), which aims to align the
feature's definition with recent changes to both the CSP3 and HTML
specifications. It would be helpful if y'all would take a look at the
current state of the document and provide feedback on it's sanity (either
here, or via GitHub issues <https://github.com/w3c/webappsec-csp/issues>).

An intern on my team will probably be starting an experimental
implementation in Chrome just before TPAC to see how the concepts in that
document shake out, so it's a great time to weigh in with opinions and
suggestions. :)

-mike

Received on Friday, 9 September 2016 10:04:15 UTC