Details on Product CSP Level 2

All Issues

New issues for this product are notified to public-webappsec@w3.org.

There are 23 issues listed in the system.

| ID | State | Title | Raised on | Product | Open Actions |
|---|---|---|---|---|---|
| ISSUE-15 (SRCDOC, BLOB, ETC) | CLOSED | How to handle srcdoc, blob:, di: and ways of directly creating content | 2012-07-03 | CSP Level 2 | 0 |
| ISSUE-26 | CLOSED | Does the sandbox directive make sense in a meta tag context? | 2012-11-01 | CSP Level 2 | 0 |
| ISSUE-30 | CLOSED | How to address dynamic application of CSP post page load / partial page load via META or script interface | 2012-11-02 | CSP Level 2 | 0 |
| ISSUE-31 | CLOSED | What specification's definition of URL/URI are we using for path parsing in CSP 1.1? | 2012-11-02 | CSP Level 2 | 0 |
| ISSUE-32 | CLOSED | Do we specify that path-specificity applies only to hierarchical URI schemes? | 2012-11-02 | CSP Level 2 | 0 |
| ISSUE-33 | CLOSED | Need to address blob, data, filesystem URL types with greater specificity in CSP 1.1 spec | 2012-11-02 | CSP Level 2 | 0 |
| ISSUE-35 | CLOSED | Should we add an "httpOnly" like directive to CSP to indicate that the state of this policy is not available to the script APIs? | 2012-11-02 | CSP Level 2 | 0 |
| ISSUE-36 | CLOSED | hash as a source expression for csp 1.1 | 2012-11-02 | CSP Level 2 | 0 |
| ISSUE-37 | CLOSED | How to apply plugin-types in CSP 1.1 to iframes | 2012-11-02 | CSP Level 2 | 0 |
| ISSUE-38 | CLOSED | Discuss no-mixed-content further as a 1.1 experimental directive | 2012-11-02 | CSP Level 2 | 0 |
| ISSUE-39 | CLOSED | Discuss CSP relevant use cases for possibly including Meta Referrer as a CSP directive | 2012-11-02 | CSP Level 2 | 0 |
| ISSUE-40 (X-XSS-Protection) | CLOSED | Look at incorporating X-XSS-Protection functionality into CSP 1.1 | 2012-11-08 | CSP Level 2 | 0 |
| ISSUE-42 (CSS Nonce) | CLOSED | Script-nonce allows inline script, similar treatment for inline css? | 2013-02-01 | CSP Level 2 | 0 |
| ISSUE-43 (Custom Elements in CSP 1.1) | CLOSED | How are custom elements handled in CSP 1.1? | 2013-02-01 | CSP Level 2 | 0 |
| ISSUE-46 (Does nonce make CSP header security-sensitive) | CLOSED | Does inclusion of things like nonce make CSP a sensitive header? | 2013-04-25 | CSP Level 2 | 0 |
| ISSUE-47 | CLOSED | Revisit combinations of header and meta tags | 2013-04-25 | CSP Level 2 | 0 |
| ISSUE-48 (base uri) | CLOSED | injection of a <base> tag to change effective location of relative resources | 2013-04-25 | CSP Level 2 | 0 |
| ISSUE-49 | CLOSED | add http response code to report? | 2013-04-25 | CSP Level 2 | 0 |
| ISSUE-50 | CLOSED | plugin-type directive and media source list for IE CLSID guids | 2013-04-25 | CSP Level 2 | 0 |
| ISSUE-54 (uri vs url) | CLOSED | policy-uri vs. policy-url, (also report, etc.) | 2013-07-02 | CSP Level 2 | 0 |
| ISSUE-56 (child src navigation) | CLOSED | Should we restrict subsequent navigation within child-src? | 2014-01-14 | CSP Level 2 | 0 |
| ISSUE-58 (Late binding of CSP) | CLOSED | Late binding of CSP policies | 2014-04-08 | CSP Level 2 | 0 |
| ISSUE-59 (SVG rules for CSP) | CLOSED | Figure out how to use CSP appropriately with SVG modes | 2014-04-23 | CSP Level 2 | 0 |

All Actions

There are 2 actions.

| ID | State | Title | Person | Due Date | Associated with |
|---|---|---|---|---|---|
| ACTION-115 | pending review | Make proposal on handling of srcdoc, blob, etc. (ISSUE-15) | Adam Barth | 2013-05-07 | SRCDOC, BLOB, ETC |
| ACTION-156 | pending review | CSP: Clarify plugin-src behavior: if able to determine resource, self or none | Mike West | 2014-11-01 | CSP Level 2 |


Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
$Id: all.html,v 1.1 2020/01/17 08:52:47 carcone Exp $