-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scripting Policy. #36
Comments
@johnwilander suggested that Apple would have an easier time engaging on this proposal if it shifted out of a personal repository: https://twitter.com/johnwilander/status/1430952281818603524. That, in combination with conversations at TPAC in 2019, hopefully justifies adoption. |
Yes, we have an interest in trying to reduce the complexity of CSP-like defenses against XSS and other security attacks. I believe we discussed it in WebAppSec already, years ago. Thanks, Mike! |
Hooray!! |
https://github.com/WICG/csp-next is now live |
Thanks! I'll close this out: https://wicg.github.io/csp-next/scripting-policy.html is up, and the old URL redirects correctly. |
This update adds CSS Cascade 6 and drops CSS Scoping 2 as a result (the latter spec now redirects to the former). It also adds the Scripting Policy and Close Watcher API. The two specs are still at early stages but development is active and proposals are being backed by implementers, see: WICG/proposals#18 WICG/proposals#36
This update adds CSS Cascade 6 and drops CSS Scoping 2 as a result (the latter spec now redirects to the former). It also adds the Scripting Policy and Close Watcher API. The two specs are still at early stages but development is active and proposals are backed by implementers, see: WICG/proposals#18 WICG/proposals#36
Introduction
XSS is bad. CSP's syntax is obtuse, and it's trying to do too many things. What if we could just target XSS?
Read the complete Explainer. Also the spec.
Feedback (Choose One)
Please provide all feedback below.
The text was updated successfully, but these errors were encountered: