See also: IRC log
brad: minutes from last meeting not posted unfortunately, so move on to agenda bash
bhill: no requests, so reviewing
... have a new rev of CORS spec with comments from list (bhill, jeffh) will send out later today hopefully
... issues 58, 70, 79 in CORS will be addressed
... action #76: any features at risk in cors due to lack of impl ?
<tanvi> [Mozilla] is tanvi
bhill: odin and gopal not on call
? might want to wait for them to discuss. Odin working on CORS
test suite into shape, will put this on agenda for tpac f2f
discussion next week
... #77, bhill editing
#80, haven't heard back from ? will try to followup
#81: will close
bhill: CSP and CSS discussion
... Ian, please explain
imelven (ian): doesn't think should slow down 1.0 spec; will pay attention to csp1.1
tanvi: tho might be issues wrt gecko vs webkit impl diffs
ian: there's diff understandings wrt aspects of CSSOM and DOM, and discussion on list is good and has reached some conclusions, can address spec changes in v1.1
abarth: thinks addrssing in 1.1 is fine, tho happy to be flexible on which spec we address it in (?)
( is that what abarth said ? )
ian: seems like we're converging on an understanding on the list discussion
who from Moz was mentioned as going to TPAC ?
mkwst == Mike West
now discussing above mail msg 0022.html
bhill: add specific language to spec to address ?
<erlend> It's already in the test suite
abarth: don't really understand
what the issue is?
... don't understand how policy is circumvented
bhill: <see cited msg>
abarth: this sounds like a bug -- poster sounds confused
?: but he's saying that in some browsers self /can/ alter the base tag it seems
abarth: if that's it, then it should be fixed
bhill: is there text that says that base tag shouldn't alter self ?
<gioma1> He refers to a hidden webkit bug: Reference Bug: https://bugs.webkit.org/show_bug.cgi?id=99318
abarth: not sure which browser is he working with? wud be surprised if webkit or geko
tanvi/dveditz: yes, the url is resolved ahead of time, we don't use the base attr to determine what self means
abarth: we should talk to him more on list and get more info
dveditz: < thinks there might be a way that it might happen >
abarth: will followup on list with poster
dveditz: anything in bug 99318 that's interesting/relevant?
abarth: oh, it's not public, will fix that so we can look at it
<imelven> jeffh: tanvi is going to TPAC
<dveditz> jeffh: I am as well
<dveditz> jeffh: other mozilla people are going to other WG
<imelven> not sure about sicking, and bz, i dropped them a mail
abarth: the bug is just a copy of the email msg -- will followup on list in any case
bhill: moving on
... issues with document promotion that was discussed on the list
... do any WG members on call think we should re-open any of the issues?
<silence> don't hear any objections to closing issues 11, 16, 17 , 18, 19 -- any motion to close these, and advance csp 1.0 to CR ?
jeffh: so moved
<bhill2> RESOLVED: issues 11, 16, 17, 18 and 19 to remain closed as previously resolved, CSP to CR
<dveditz> or making espresso?
<dveditz> coffee's done?
bhill: make a formal request to advance UI safety directives to FPWD ?
<bhill2> RESOLVED: Advance UISafety Directives for CSP to FPWD
portion of that spec may be subject to discussions at IETF-85 atlanta, the week following TPAC
bhill: "test the web forward" event the weekend prior to TPAC in paris -- some of us will be there, want to make some time to discuss that, as well as test suite status, specific areas of spec that needs work, test cases need to be generated, solicit folks to work on these, set scheduoles, this is nec. to get to CR
next item: rechartering for WG
bhill: doesn't seem anything we're doing in CSP 1.1 necessitates changes to charter, but is oppty to upgrade charter with additional work; without additional actual deliverables, this WG may close after completing CSP v1.1 and UI Safety
<tanvi> jonas will be at TPAC
bhill: please think about
... will send povisional list of discussion items out to list -- any that folks can think of right now?
... not hearing other proposed items, will send to list, we'll have time to discuss online
... next item
... wrt "test web fwd" -- any info?
gopal: welcomes participation, pls submit test suites if you have them, offering to help you with them if you need help; need to get our test coverage numbers up; want to try to get a regression count -- has been going a bit slow, if can get some help should speed it up; will keep working on it in any case, again welcomes any contributed test cases
bhill: an impt aspect of moving to CR is demonstrating we have actual impls of spec features -- having test cases to demonstrate that will be big help
this is WRT CORS
<gopal> do we have a deadline for CR
bhill: wrt CSPv1.0, we're regarding on impl self-declaration; but CORS has additional complexities, so having actual test cases will be helpful
bhill: Re: CSP 1.1: Paths in source list definitions (msg URI above)
tanvi: thinks agreement on list is fine
bhill: ok, at end of agenda
<dveditz> agrees as long as that understanding makes it into the spec :-)
<tanvi> UserCSP Add-on: https://addons.mozilla.org/en-US/firefox/addon/newusercspdesign/
<tanvi> UserCSP Code (Open Source): https://github.com/patilkr/userCSP
<tanvi> UserCSP Documentation: https://wiki.mozilla.org/SummerOfCode/2012/UserCSP/Wiki
tanvi: over summer worked on google code project "UserCSP"
tanvi: has aspect that helps
developers craft CSP policy for given "page"
... is presently per page, would like feedback, want to make it gen policy for "per site/domain"
bhill: anything else?
... not hearing anything, so see some of you @TPAC next week, will be at ietf following week and have oppty to liase