Edit ACTION-190: Is reflected-xss directive at risk?

Title:

State:

Person:

Due Date:

(accepts formats such as "2005-05-17", "+1 week", "14 August 2005" and "next Thursday")

Associated Issue:

Or Associated Product:

Add notes (no markup allowed, URIs get automatically hyperlinked):

No related emails.

Related notes:

CSP Level 2 contains the reflected-xss directive, intended to provide a standard way to control browser XSS filters and enable reporting.

http://www.w3.org/TR/CSP2/#reflected-xss

Only Chrome and IE have such filters. If IE doesn't intend to implement this directive, it will not pass the group's chartered bar of two independent implementations. Can Microsoft disclose its intentions regarding this directive?

Brad Hill, 27 Oct 2014, 04:19:44


Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: index.php,v 1.326 2018/10/13 17:29:51 vivien Exp $