Scripting Policy sketch.

Hey folks,

At TPAC last year, we discussed the CSP Next proposal in a little
bit of detail. It seemed like there was general approval of the vague
contours of the idea, so I took some time to sketch it out in a little more
detail. I'd appreciate feedback (directional and detail!) on

This addresses the XSS mitigation portion of CSP. It doesn't touch the
confinement portions of CSP discussed in I'm quite a bit
less clear on what that would actually need to look like. If y'all have
ideas (especially those rooted in actual experience deploying
confinement-oriented policies), I'd love to hear about them.



Received on Wednesday, 8 January 2020 10:16:44 UTC