W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2016

CSP: Embedded Enforcement

From: Mike West <mkwst@google.com>
Date: Fri, 9 Sep 2016 12:03:25 +0200
Message-ID: <CAKXHy=fRFejtkVsUQDJoT4eRNmqabspfrk6Nc4cW0H=jATd7EA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hello, public-webappsec!

I've just published a new working draft of CSP: Embedded Enforcement (
https://w3c.github.io/webappsec-csp/embedded/), which aims to align the
feature's definition with recent changes to both the CSP3 and HTML
specifications. It would be helpful if y'all would take a look at the
current state of the document and provide feedback on it's sanity (either
here, or via GitHub issues <https://github.com/w3c/webappsec-csp/issues>).

An intern on my team will probably be starting an experimental
implementation in Chrome just before TPAC to see how the concepts in that
document shake out, so it's a great time to weigh in with opinions and
suggestions. :)

Received on Friday, 9 September 2016 10:04:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:57 UTC