ACTION-190: Is reflected-xss directive at risk?

Is reflected-xss directive at risk?

State:
open
Person:
David Walp
Due on:
November 3, 2014
Created on:
October 27, 2014
Associated Issue:
ISSUE-62
Related emails:
No related emails

Related notes:

CSP Level 2 contains the reflected-xss directive, intended to provide a standard way to control browser XSS filters and enable reporting.

http://www.w3.org/TR/CSP2/#reflected-xss

Only Chrome and IE have such filters. If IE doesn't intend to implement this directive, it will not pass the group's chartered bar of two independent implementations. Can Microsoft disclose its intentions regarding this directive?

Brad Hill, 27 Oct 2014, 04:19:44

Changelog:

Created action 'Is reflected-xss directive at risk?' assigned to David Walp, due 2014-11-03 bound to ISSUE-62

27 Oct 2014, 04:17:51


Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: index.php,v 1.326 2018/10/13 17:29:51 vivien Exp $