Web Application Security Working Group
Issue Tracking
Summary
Issues:
Raised
Open
Pending Review
Closed
Postponed
All
Create
Actions:
Open
Overdue
Closed
Pending Review
Raise
Users
My
Tracker
Products
Agenda planning
Recent activity
Raised Issues
Apply the following changes to selected issues:
Mark as
No status change
Closed
Open
Raised
Pending Review
Postponed
Associate to product:
No change
CORS
CSP Level 1
CSP Level 2
CSP Level 3
Mixed Content
Referrer Policy
Subresource Integrity Level 1
Subresource Integrity Level 2
UI Security
There are 8 raised issues listed in the system.
↓
ID
↓
State
Title
Raised on
↓
Product
Open Actions
ISSUE-65
RAISED
Does "no referrer" specify a state or is it a token? is a token with a space problematic?
2014-08-27
Referrer Policy
0
ISSUE-66
RAISED
No-external-navigation as potential csp3 feature http://lists.w3.org/archives/public/public-webappsec/2014aug/0053.html
2014-08-27
CSP Level 3
0
ISSUE-69
Overt channel control in CSP
RAISED
Consider directives to manage postMessage and external navigation of iframes
2014-10-28
CSP Level 3
0
ISSUE-70
Using ni:/// as CSP source
RAISED
Investigate using ni:/// as a CSP source expression
2014-11-04
CSP Level 3
0
ISSUE-71
JSONP directives
RAISED
Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interaces
2014-11-04
CSP Level 3
0
ISSUE-72
Streaming Integrity
RAISED
How to apply integrity verification to large / streaming downloads
2014-11-17
Subresource Integrity Level 2
0
ISSUE-73
CSP path matching
RAISED
Consider allowing relative paths (to 'self') in source productions
2014-12-30
CSP Level 3
0
ISSUE-74
plugin-types 'none'
RAISED
allow explicitly setting the 'none' keyword source for plugin-type directive
2014-12-30
CSP Level 3
0
Raise an issue
.
Daniel Veditz <
dveditz@mozilla.com
>, Mike West <
mkwst@google.com
>, Chairs, Wendy Seltzer <
wseltzer@w3.org
>, Samuel Weiler <
weiler@w3.org
>, Staff Contacts
Tracker:
documentation
, (
configuration for this group
), originally developed by
Dean Jackson
, is developed and maintained by the Systems Team <
w3t-sys@w3.org
>.
$Id: raised.html,v 1.1 2020/01/17 08:52:46 carcone Exp $