public-webappsec@w3.org from February 2014 by thread

[webappsec] Please change your W3C passwords. Brad Hill (Friday, 28 February)

[webapsec] Agenda for Teleconference, 26 Feb 2014 Brad Hill (Tuesday, 25 February)

• Re: [webapsec] Agenda for Teleconference, 26 Feb 2014 Sandeep Kamble (Wednesday, 26 February)

Removal of the note about extensions Mike \ (Saturday, 22 February)

• Re: Removal of the note about extensions Glenn Adams (Saturday, 22 February)
  • Re: Removal of the note about extensions Mitar (Monday, 24 February)
    • Re: Removal of the note about extensions Glenn Adams (Monday, 24 February)
      • Re: Removal of the note about extensions Mitar (Monday, 24 February)
        • Re: Removal of the note about extensions Mike West (Monday, 24 February)
          • Re: Removal of the note about extensions Glenn Adams (Monday, 24 February)
          • Re: Removal of the note about extensions Mike \ (Monday, 24 February)
            • Re: Removal of the note about extensions Mitar (Tuesday, 25 February)
            • Re: Removal of the note about extensions Daniel Veditz (Tuesday, 25 February)
          • Re: Removal of the note about extensions Mike \ (Monday, 24 February)
            • Re: Removal of the note about extensions Glenn Adams (Monday, 24 February)
            • Re: Removal of the note about extensions Mike \ (Tuesday, 25 February)
            • Re: Removal of the note about extensions Glenn Adams (Tuesday, 25 February)
            • Re: Removal of the note about extensions Mike West (Tuesday, 25 February)
            • Re: Removal of the note about extensions Mike \ (Wednesday, 26 February)
            • Re: Removal of the note about extensions Mike West (Thursday, 27 February)
          • Re: Removal of the note about extensions Mitar (Tuesday, 25 February)
            • Re: Removal of the note about extensions Mike West (Tuesday, 25 February)
    • Re: Removal of the note about extensions Daniel Veditz (Tuesday, 25 February)
• Re: Removal of the note about extensions David Bruant (Saturday, 22 February)
  • Re: Removal of the note about extensions Mitar (Monday, 24 February)
• Re: Removal of the note about extensions Daniel Veditz (Tuesday, 25 February)

Removal of the note about extensions Mitar (Saturday, 22 February)

W3C WebAppSec WG Meeting Hill, Brad (Wednesday, 19 February)

W3C WebAppSec WG Meeting Hill, Brad (Wednesday, 19 February)

[webappsec] New call-for-consensus on UI Security Brad Hill (Tuesday, 18 February)

Re: Holiday changes to the CSP 1.1 editor's draft. Mike West (Monday, 17 February)

• Re: Holiday changes to the CSP 1.1 editor's draft. Ben Toews (Monday, 17 February)
  • Re: Holiday changes to the CSP 1.1 editor's draft. Ian Melven (Tuesday, 18 February)

[CSP] 'allow-meta': proposal for combining header and <meta> policies Daniel Veditz (Friday, 14 February)

Remove paths from CSP? Mike West (Wednesday, 12 February)

• Re: Remove paths from CSP? Eduardo' Vela\ (Wednesday, 12 February)
  • Re: Remove paths from CSP? Eduardo' Vela\ (Wednesday, 12 February)
  • Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
    • Re: Remove paths from CSP? Eduardo' Vela\ (Wednesday, 12 February)
      • Re: Remove paths from CSP? Eduardo' Vela\ (Wednesday, 12 February)
        • Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
          • Re: Remove paths from CSP? Michal Zalewski (Wednesday, 12 February)
            • Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
            • Re: Remove paths from CSP? Anne van Kesteren (Wednesday, 12 February)
            • Re: Remove paths from CSP? Eduardo' Vela\ (Wednesday, 12 February)
            • Re: Remove paths from CSP? Michal Zalewski (Wednesday, 12 February)
• Re: Remove paths from CSP? Michal Zalewski (Wednesday, 12 February)
  • Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
    • Re: Remove paths from CSP? Michal Zalewski (Wednesday, 12 February)
• Re: Remove paths from CSP? Sigbjørn Vik (Wednesday, 12 February)
  • Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
    • Re: Remove paths from CSP? Sigbjørn Vik (Wednesday, 12 February)
      • Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
        • Re: Remove paths from CSP? Sigbjørn Vik (Wednesday, 12 February)
          • Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
            • Re: Remove paths from CSP? Sigbjørn Vik (Thursday, 13 February)
      • Re: Remove paths from CSP? Pete Freitag (Wednesday, 12 February)
        • Re: Remove paths from CSP? Sigbjørn Vik (Thursday, 13 February)
        • Re: Remove paths from CSP? Daniel Veditz (Thursday, 13 February)
• Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
• Re: Remove paths from CSP? Egor Homakov (Wednesday, 12 February)
  • Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
• Re: Remove paths from CSP? Egor Homakov (Wednesday, 12 February)
  • Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
    • Re: Remove paths from CSP? Michal Zalewski (Wednesday, 12 February)
      • Re: Remove paths from CSP? Mike West (Wednesday, 12 February)
• Re: Remove paths from CSP? Daniel Veditz (Thursday, 13 February)
  • Re: Remove paths from CSP? Mike West (Friday, 14 February)
    • Re: Remove paths from CSP? Daniel Veditz (Saturday, 15 February)
  • Re: Remove paths from CSP? Sigbjørn Vik (Friday, 14 February)
    • Re: Remove paths from CSP? Daniel Veditz (Friday, 14 February)
      • Re: Remove paths from CSP? Pete Freitag (Friday, 14 February)
      • Re: Remove paths from CSP? Sigbjørn Vik (Monday, 17 February)
        • Re: Remove paths from CSP? Daniel Veditz (Tuesday, 18 February)
          • Re: Remove paths from CSP? Sigbjørn Vik (Wednesday, 19 February)
            • Re: Remove paths from CSP? Mike West (Monday, 24 February)
            • Re: Remove paths from CSP? Sigbjørn Vik (Monday, 24 February)
            • Re: Remove paths from CSP? Mike West (Tuesday, 25 February)
            • Re: Remove paths from CSP? Sigbjørn Vik (Tuesday, 25 February)
            • Re: Remove paths from CSP? Michal Zalewski (Tuesday, 25 February)
            • Re: Remove paths from CSP? Sigbjørn Vik (Wednesday, 26 February)
            • Re: Remove paths from CSP? Michal Zalewski (Wednesday, 26 February)
            • Re: Remove paths from CSP? Sigbjørn Vik (Thursday, 27 February)
            • Re: Remove paths from CSP? Oda, Terri (Friday, 28 February)
            • Re: Remove paths from CSP? Sigbjørn Vik (Friday, 28 February)
            • Re: Remove paths from CSP? Daniel Veditz (Tuesday, 25 February)
            • Re: Remove paths from CSP? Sigbjørn Vik (Wednesday, 26 February)
            • Re: Remove paths from CSP? Daniel Veditz (Tuesday, 25 February)
• Re: Remove paths from CSP? Jesper Kristensen (Saturday, 15 February)

CORS for local resources Mountie Lee (Wednesday, 12 February)

• Re: CORS for local resources Anne van Kesteren (Wednesday, 12 February)
  • Re: CORS for local resources Mountie Lee (Wednesday, 12 February)
    • Re: CORS for local resources Anne van Kesteren (Wednesday, 12 February)
      • Re: CORS for local resources Mountie Lee (Wednesday, 12 February)
        • Re: CORS for local resources Anne van Kesteren (Wednesday, 12 February)
          • Re: CORS for local resources Mountie Lee (Wednesday, 12 February)
            • Re: CORS for local resources Anne van Kesteren (Wednesday, 12 February)

[webappsec] Agenda for Teleconference, 12 Feb 2014 Brad Hill (Tuesday, 11 February)

webappsec-ISSUE-57: Do we want to control popups, if so, how? [CSP 1.2] Web Application Security Working Group Issue Tracker (Monday, 10 February)

'child-src' and popups. Mike West (Monday, 10 February)

• Re: 'child-src' and popups. Anne van Kesteren (Monday, 10 February)
  • Re: 'child-src' and popups. Mike West (Monday, 10 February)

Reporting should be explicitly optional (was Re: CSP formal objection.) Mike West (Monday, 10 February)

• Re: Reporting should be explicitly optional (was Re: CSP formal objection.) Bjoern Hoehrmann (Tuesday, 11 February)
  • Re: Reporting should be explicitly optional (was Re: CSP formal objection.) Daniel Veditz (Wednesday, 12 February)
  • Re: Reporting should be explicitly optional (was Re: CSP formal objection.) Mike West (Wednesday, 12 February)
    • Re: Reporting should be explicitly optional (was Re: CSP formal objection.) Bjoern Hoehrmann (Wednesday, 12 February)

Re: Beacon and CSP Mike West (Friday, 7 February)

Re: Processing of meta element Mike West (Friday, 7 February)

• Re: Processing of meta element David Bruant (Friday, 7 February)
  • Re: Processing of meta element Mike West (Monday, 10 February)
    • Re: Processing of meta element David Bruant (Tuesday, 11 February)
      • Re: Processing of meta element Mike West (Wednesday, 12 February)
        • Re: Processing of meta element Oda, Terri (Thursday, 13 February)
• Re: Processing of meta element David Bruant (Tuesday, 11 February)

Re: referrer directive expressiveness Mike West (Friday, 7 February)

• Re: referrer directive expressiveness David Bruant (Friday, 7 February)
  • Re: referrer directive expressiveness Mike West (Monday, 10 February)
    • Re: referrer directive expressiveness Anne van Kesteren (Monday, 10 February)
      • Re: referrer directive expressiveness Mike West (Monday, 10 February)
        • Re: referrer directive expressiveness Anne van Kesteren (Monday, 10 February)
          • Re: referrer directive expressiveness Mike West (Monday, 10 February)
            • Re: referrer directive expressiveness Anne van Kesteren (Monday, 10 February)
            • Re: referrer directive expressiveness Mike West (Monday, 10 February)

CSP, Fetch, and Service Workers Anne van Kesteren (Thursday, 6 February)

Re: CSP formal objection. Brad Hill (Monday, 3 February)

• Re: CSP formal objection. Glenn Adams (Monday, 3 February)
• Re: CSP formal objection. Brian Smith (Monday, 3 February)
• Re: CSP formal objection. Bjoern Hoehrmann (Tuesday, 4 February)
• Re: CSP formal objection. Mike West (Tuesday, 4 February)
• Re: CSP formal objection. Fred Andrews (Friday, 7 February)
  • Re: CSP formal objection. Mike West (Friday, 7 February)
    • RE: CSP formal objection. Fred Andrews (Saturday, 8 February)
      • Re: CSP formal objection. Daniel Veditz (Wednesday, 12 February)
        • Re: CSP formal objection. Mike West (Wednesday, 12 February)
• Re: CSP formal objection. Nicholas Doty (Saturday, 22 February)
  • Re: CSP formal objection. Mike West (Monday, 24 February)

ECMAScript and CSP Anne van Kesteren (Monday, 3 February)

• Re: ECMAScript and CSP Anne van Kesteren (Monday, 3 February)

Last message date: Friday, 28 February 2014 19:31:56 UTC