ACTION-190: Is reflected-xss directive at risk?

Is reflected-xss directive at risk?

State:
open
Person:
David Walp
Due on:
November 3, 2014
Created on:
October 27, 2014
Associated Issue:
ISSUE-62
Related emails:
No related emails

Related notes:

CSP Level 2 contains the reflected-xss directive, intended to provide a standard way to control browser XSS filters and enable reporting.

http://www.w3.org/TR/CSP2/#reflected-xss

Only Chrome and IE have such filters. If IE doesn't intend to implement this directive, it will not pass the group's chartered bar of two independent implementations. Can Microsoft disclose its intentions regarding this directive?

Brad Hill, 27 Oct 2014, 04:19:44

Display change log.

Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 190.html,v 1.1 2020/01/17 08:51:38 carcone Exp $