Scripting Policy. #36

Closed
mikewest opened this issue Aug 26, 2021 · 5 comments

@mikewest
Member

Introduction

XSS is bad. CSP's syntax is obtuse, and it's trying to do too many things. What if we could just target XSS?

Read the complete Explainer. Also the spec.

Feedback (Choose One)

Please provide all feedback below.

@mikewest
Member Author

@johnwilander suggested that Apple would have an easier time engaging on this proposal if it shifted out of a personal repository: https://twitter.com/johnwilander/status/1430952281818603524. That, in combination with conversations at TPAC in 2019, hopefully justifies adoption.

@johnwilander

Yes, we have an interest in trying to reduce the complexity of CSP-like defenses against XSS and other security attacks. I believe we discussed it in WebAppSec already, years ago. Thanks, Mike!

@yoavweiss
Collaborator

Hooray!!
@mikewest let's discuss offline and move the repo over!

@yoavweiss
Collaborator

https://github.com/WICG/csp-next is now live
Happy incubation!

@mikewest
Member Author

Thanks! I'll close this out: https://wicg.github.io/csp-next/scripting-policy.html is up, and the old URL redirects correctly.

tidoust added a commit to w3c/browser-specs that referenced this issue Sep 13, 2021
This update adds CSS Cascade 6 and drops CSS Scoping 2 as a result (the latter
spec now redirects to the former).

It also adds the Scripting Policy and Close Watcher API. The two specs are
still at early stages but development is active and proposals are being backed
by implementers, see:
WICG/proposals#18
WICG/proposals#36
tidoust added a commit to w3c/browser-specs that referenced this issue Sep 13, 2021
This update adds CSS Cascade 6 and drops CSS Scoping 2 as a result (the latter
spec now redirects to the former).

It also adds the Scripting Policy and Close Watcher API. The two specs are
still at early stages but development is active and proposals are backed
by implementers, see:
WICG/proposals#18
WICG/proposals#36