public-webappsec@w3.org from April 2013 by author

Adam Barth

• Re: ACTION-115: Proposal for handling srcdoc (Tuesday, 30 April)
• ACTION-115: Proposal for handling srcdoc (Tuesday, 30 April)
• ACTION-120: Proposal for handling custom elements (Tuesday, 30 April)
• ACTION-129: plugin-types inherits into plugin documents (Tuesday, 30 April)
• Re: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Tuesday, 30 April)
• Re: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Tuesday, 30 April)
• Re: Trimming the SecurityPolicy DOM interface (Saturday, 27 April)
• script-src 'self' https://example.com 'nonce-nc34908WECd8f3' (Saturday, 27 April)
• Trimming the SecurityPolicy DOM interface (Saturday, 27 April)
• Re: webappsec-ISSUE-51: How to handle externally defined <element> with <link rel=import> (Saturday, 27 April)
• Minor edits to CSP 1.1 (Saturday, 27 April)
• Re: webappsec-ISSUE-51: How to handle externally defined <element> with <link rel=import> (Saturday, 27 April)
• Re: CSP within frame constructed with "data:" URI? (Saturday, 27 April)
• Re: webappsec-ISSUE-48 (base uri): injection of a <base> tag to change effective location of relative resources [CSP 1.1] (Saturday, 27 April)
• Re: [webappsec] CSP 1.0 bug? button type=image and img-src (Wednesday, 24 April)
• Re: [webappsec] CSP 1.0 bug? button type=image and img-src (Tuesday, 23 April)
• Re: CSP and `picture` (Saturday, 20 April)
• Re: CSP 1.0 copy&paste error (Saturday, 20 April)
• Re: Column numbers in violation reports. (Saturday, 20 April)

Alex Russell

• Re: Trimming the SecurityPolicy DOM interface (Saturday, 27 April)

Anne van Kesteren

• Re: webappsec-ISSUE-48 (base uri): injection of a <base> tag to change effective location of relative resources [CSP 1.1] (Friday, 26 April)
• Re: webappsec-ISSUE-51: How to handle externally defined <element> with <link rel=import> (Thursday, 25 April)
• Re: [webappsec] CSP 1.0 bug? button type=image and img-src (Wednesday, 24 April)
• Re: CORS Allow header in preflight response (Monday, 22 April)
• Re: CSP when external script loads another external script? (Friday, 19 April)
• Re: CORS Allow header in preflight response (Tuesday, 16 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Thursday, 11 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Wednesday, 10 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)
• Fwd: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)
• Fwd: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Monday, 8 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Monday, 8 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Monday, 8 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Monday, 8 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Saturday, 6 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Saturday, 6 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Friday, 5 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Friday, 5 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Friday, 5 April)

Bjoern Hoehrmann

• Re: CORS Allow header in preflight response (Tuesday, 16 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Saturday, 6 April)

bugzilla@jessica.w3.org

• [Bug 21608] New: 7.2 "Resource Sharing Check" does not specify how to handle a space separated list in Access-Control-Allow-Origin (Sunday, 7 April)

Carson, Cory

• RE: CSP and innerHTML (Tuesday, 30 April)

Daniel Holbert

• Re: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)

Daniel Veditz

• Re: CSP and `picture` (Thursday, 25 April)

Devdatta Akhawe

• Re: ACTION-115: Proposal for handling srcdoc (Tuesday, 30 April)
• Re: ACTION-115: Proposal for handling srcdoc (Tuesday, 30 April)
• Re: Trimming the SecurityPolicy DOM interface (Saturday, 27 April)

Dimitri Glazkov

• Re: webappsec-ISSUE-51: How to handle externally defined <element> with <link rel=import> (Saturday, 27 April)
• Re: webappsec-ISSUE-51: How to handle externally defined <element> with <link rel=import> (Saturday, 27 April)

Dirk Schulze

• Re: [filter-effects][css-masking] Move security model for resources to CSP (Thursday, 11 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Wednesday, 10 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Monday, 8 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Monday, 8 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Monday, 8 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Saturday, 6 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Friday, 5 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Friday, 5 April)
• [filter-effects][css-masking] Move security model for resources to CSP (Friday, 5 April)

Eduardo' Vela

• Re: CSP and innerHTML (Tuesday, 30 April)
• Re: CSP and innerHTML (Tuesday, 30 April)
• Re: Trimming the SecurityPolicy DOM interface (Monday, 29 April)
• Re: Trimming the SecurityPolicy DOM interface (Saturday, 27 April)
• Re: Trimming the SecurityPolicy DOM interface (Saturday, 27 April)
• Re: Column numbers in violation reports. (Sunday, 21 April)

Erlend Oftedal

• Re: [webappsec] Friday test jam preparation (Tuesday, 23 April)

Frederik Braun

• Re: CSP and `picture` (Monday, 8 April)

Giorgio Maone

• Regrets (Re: [webappsec] remote participation resources) (Friday, 26 April)

Hill, Brad

• RE: CSP and innerHTML (Tuesday, 30 April)
• RE: CSP and innerHTML (Tuesday, 30 April)
• RE: [webappsec] Call for Consensus: CSP 1.1 to FPWD (Tuesday, 30 April)
• RE: webappsec-ISSUE-51: How to handle externally defined <element> with <link rel=import> (Sunday, 28 April)
• FW: API coordination with TC39 (ECMAscript) (Friday, 26 April)
• [webappsec] remote participation resources (Thursday, 25 April)
• RE: [webappsec] CSP 1.0 bug? button type=image and img-src (Tuesday, 23 April)
• [webappsec] CSP 1.0 bug? button type=image and img-src (Tuesday, 23 April)
• [webappsec] Friday test jam preparation (Tuesday, 23 April)
• RE: [webappsec] Final logistics for F2F April 25-26 (Tuesday, 23 April)
• [webappsec] Call today CANCELLED (Tuesday, 23 April)
• [webappsec] Final logistics for F2F April 25-26 (Monday, 22 April)
• [webappsec] Proposed agenda for next week's F2F (Friday, 19 April)
• RE: CSP, Remote-Only Mode, and Browser Extensions (Wednesday, 17 April)
• [webappsec] Tomorrow's teleconference CANCELLED (Monday, 8 April)
• [webappsec] Please register for April F2F (Thursday, 4 April)
• RE: Moving our tests to GitHub (same as WebApps) (Thursday, 4 April)
• [webapppsec] CfC: UI Security to WD (Thursday, 4 April)

Ian Melven

• CSP and innerHTML (Tuesday, 30 April)
• Re: Trimming the SecurityPolicy DOM interface (Monday, 29 April)

James Marshall

• Re: CSP within frame constructed with "data:" URI? (Saturday, 27 April)
• CSP within frame constructed with "data:" URI? (Saturday, 27 April)
• CSP when external script loads another external script? (Thursday, 18 April)

Mike West

• Column numbers in violation reports. (Saturday, 20 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Friday, 5 April)
• Re: [webapppsec] CfC: UI Security to WD (Thursday, 4 April)

Odin Hørthe Omdal

• Moving our tests to GitHub (same as WebApps) (Thursday, 4 April)

Pellerin, Clement

• RE: CORS Allow header in preflight response (Tuesday, 16 April)
• CORS Allow header in preflight response (Tuesday, 16 April)

Robert O'Callahan

• Re: [filter-effects][css-masking] Move security model for resources to CSP (Wednesday, 10 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Wednesday, 10 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)
• Re: [filter-effects][css-masking] Move security model for resources to CSP (Tuesday, 9 April)

Tom Ritter

• CSP, Remote-Only Mode, and Browser Extensions (Wednesday, 17 April)

Web Application Security Working Group Issue Tracker

• webappsec-ISSUE-53 (UI Security model for composited drawing models): UI Security model for composited drawing models [UI Security] (Friday, 26 April)
• webappsec-ISSUE-52 (unsafe DOM API): unsafe attribute requires every handler to check [UI Security] (Thursday, 25 April)
• webappsec-ISSUE-51: How to handle externally defined <element> with <link rel=import> (Thursday, 25 April)
• webappsec-ISSUE-50: plugin-type directive and media source list for IE CLSID guids [CSP 1.1] (Thursday, 25 April)
• webappsec-ISSUE-49: add http response code to report? [CSP 1.1] (Thursday, 25 April)
• webappsec-ISSUE-48 (base uri): injection of a <base> tag to change effective location of relative resources [CSP 1.1] (Thursday, 25 April)
• webappsec-ISSUE-47: Revisit combinations of header and meta tags [CSP 1.1] (Thursday, 25 April)
• webappsec-ISSUE-46 (Does nonce make CSP header security-sensitive): Does inclusion of things like nonce make CSP a sensitive header? [CSP 1.1] (Thursday, 25 April)

Wendy Seltzer

• Please register this week for April 25-26 F2F (Wednesday, 3 April)

Yoav Weiss

• Re: [webappsec] CSP 1.0 bug? button type=image and img-src (Wednesday, 24 April)
• CSP and `picture` (Saturday, 6 April)

Last message date: Tuesday, 30 April 2013 21:01:51 UTC