ACTION-190: Is reflected-xss directive at risk?
- State: open
- Person: David Walp
- Due on: November 3, 2014
- Created on: October 27, 2014
- Associated Issue: ISSUE-62
- Related emails: No related emails
Related notes:
CSP Level 2 contains the reflected-xss directive, intended to provide a standard way to control browser XSS filters and enable reporting.
http://www.w3.org/TR/CSP2/#reflected-xss
Only Chrome and IE have such filters. If IE doesn't intend to implement this directive, it will not pass the group's chartered bar of two independent implementations. Can Microsoft disclose its intentions regarding this directive?