- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 16 Jul 2009 13:25:15 -0700
On Wed, Jul 15, 2009 at 6:48 PM, Aryeh Gregor<Simetrical+w3c at gmail.com> wrote: > On Wed, Jul 15, 2009 at 9:24 PM, Jonas Sicking<jonas at sicking.cc> wrote: >> Note that Content Security Policies[1] can be used to deal with >> clickjacking. So far we've gotten a lot of positive feedback to CSP >> and are in progress of implementing it in firefox. So it's a possible >> solution to this. > > Is Mozilla planning to run CSP through a usual standards body like the > W3C, either before or after implementation? ?If you plan to > standardize it after implementation, why not before instead? ?CSP > looks really exciting, but I'm not clear on whether or when it will be > standardized -- I've heard talk of implementing it, but not of > standardizing it. We've actually proposed it to the webapps list, but got little to no response. I'm not sure if we at this time have anyone that would have the resources to offer to be editor for a W3C CSP spec, if any of the WGs there are interested to host it. So in short, yes, we'd love to have it standardized, but so far haven't found a path to make that practically happen. But, as Mike said, we'd love to get feedback, and we'd love to get it now. So far most of the feedback we've gotten has been "looks interesting" which we take as a pretty good sign, but a little lacking in detail :) / Jonas
Received on Thursday, 16 July 2009 13:25:15 UTC