Web Application Security Working Group

Calendar of Events



As stated in its charter, the mission of the Web Application Security Working Group is to develop technical and policy mechanisms to improve the security of and enable secure cross-site communications for applications on the Web.

Mailing List

The group's primary work mode is via discussion on a public mailing list: public-webappsec@w3.org | Subscribe | List Archives

Search the archive


WebAppSec conducts a one hour, members-only teleconference every two weeks. See the calendar of events for the most current dates and times.

Use the W3C's Zakim conference bridge system:

+1.617.761.6200 code 92794 ('WASWG')

Participants in the teleconference are encouraged to please also join the #webappsec channel during the call. Connect to irc.w3.org:6665 with your favorite IRC client or use the web interface.

Minutes for teleconferences and face-to-face meeetings are archived here.

Bugs, Issues & Actions

Technical issues and actions for WG members can be managed on the group's tracker instance. (some features are member-only, see the full tracker documentation)

Some editors use the WG's GitHub repo to manage spec text bugs and pull requests. (technical issues and feature requests must go through the public mailing list first)

Recommendation-Track Drafts

Working Group Note
Brandon Sterne, Adam Barth
Succeeded by Content Security Policy Level 2
Candidate Recommendation
Mike West, Dan Veditz, Adam Barth
Mike West, Brad Hill
Last Call Working Draft
Giorgio Maone, David Lin-Shung Huang, Brad Hill
First Public Working Draft
Frederik Braun, Devdatta Akhawe, Joel Weinberger, Mike West
First Public Working Draft
Jochen Eisinger, Mike West
Candidate Recommendation
Mike West
First Public Working Draft
Mike West
First Public Working Draft
Mike West
First Public Working Draft
Mike West

W3C Recommendations

Anne van Kesteren
Gopal Raghavan, Odin Hørthe Omdal

Non-Recommendation-Track Documents

Working Group Note
Tyler Close, Mark Miller
Input document for Cross-Origin Resource Sharing from WebApps WG
No offical status
John Kemp
Input and reference document



The WebAppSec Working Group operates under a charter approved on 18-March-2015.

Patent Disclosures

The W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent.


Brad Hill (Facebook) and Daniel Veditz (Mozilla)

W3C Team Contact

Wendy Seltzer


(W3C Member-Only) See DBWG and IPP for a list of WG participants.

Liasons with Other Groups

Members and the public interested in this WG's work may also want to follow the W3C Web Security Interest Group and Web Cryptography Working Group as well as the Websec Working Group at the IETF.