Details on Product CSP Level 3

All Issues

New issues for this product are notified to (change it).

There are 12 issues listed in the system.

ID State Title Raised on Product Open Actions
ISSUE-34 (edit) OPEN Discuss use cases / risks of script access to CSP information, solicit specific public comment on this feature with FPWD 2012-11-02 CSP Level 3 0
ISSUE-57 (edit) OPEN Do we want to control popups, if so, how? 2014-02-10 CSP Level 3 0
ISSUE-64 (edit) OPEN Csp3 how to deal with large policies needed by single-page webapps ( 2014-08-27 CSP Level 3 0
ISSUE-67 (edit) OPEN WebRTC via 'connect-src'? 2014-09-03 CSP Level 3 0
ISSUE-68 (edit)
401 prompting by subresources
OPEN How to manage 401 phishing prompts by subresources 2014-10-27 CSP Level 3 0
ISSUE-60 (edit)
CLOSED Injecting META tags can be an interesting bypass technique, possibly 2014-04-23 CSP Level 3 0
ISSUE-66 (edit) RAISED No-external-navigation as potential csp3 feature 2014-08-27 CSP Level 3 0
ISSUE-69 (edit)
Overt channel control in CSP
RAISED Consider directives to manage postMessage and external navigation of iframes 2014-10-28 CSP Level 3 0
ISSUE-70 (edit)
Using ni:/// as CSP source
RAISED Investigate using ni:/// as a CSP source expression 2014-11-04 CSP Level 3 0
ISSUE-71 (edit)
JSONP directives
RAISED Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interaces 2014-11-04 CSP Level 3 0
ISSUE-73 (edit)
CSP path matching
RAISED Consider allowing relative paths (to 'self') in source productions 2014-12-30 CSP Level 3 0
ISSUE-74 (edit)
plugin-types 'none'
RAISED allow explicitly setting the 'none' keyword source for plugin-type directive 2014-12-30 CSP Level 3 0

All Actions

There are 10 actions.

ID State Title Person Due Date Associated with
ACTION-141 (edit) open CSP Next: Update default-src language to be more future-proof Mike West 2015-01-31 CSP Level 3
ACTION-144 (edit) open CSP Next: Propose text on layering of fetch context types with CSP directives Mike West 2015-01-31 CSP Level 3
ACTION-164 (edit) open CSP Next: Integrate mnot's cookie scope proposal. Mike West 2015-01-31 CSP Level 3
ACTION-172 (edit) open Review servicewoker issues relevant to csp from github Mike West 2015-01-31 CSP Level 3
ACTION-182 (edit) open Make sure blob origin is discussed further on list Brad Hill 2014-11-17 CSP Level 3
ACTION-186 (edit) open Do more research on preventing 401 attach Brad Hill 2015-01-31 CSP Level 3
ACTION-188 (edit) open Evaluate json-src Mike West 2015-01-31 CSP Level 3
ACTION-189 (edit) open Evaluate script-ancestors Mike West 2015-01-31 CSP Level 3
ACTION-192 (edit) open Evaluate control over nesting depth. Mike West 2014-11-03 CSP Level 3
ACTION-198 (edit) open Take bookmarklets discussion back to the list Brad Hill 2014-11-17 CSP Level 3

Add a new action item.

See only open and raised issues and actions.

Daniel Veditz <>, Mike West <>, Chairs, Wendy Seltzer <>, Samuel Weiler <>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <>.
$Id: all.html,v 1.1 2020/01/17 08:52:52 carcone Exp $