Details on Product CSP Level 3

Open, Raised and Pending Review Issues

New issues for this product are notified to public-webappsec@w3.org.

There are 11 open and raised issues listed in the system.

| ID | State | Title | Raised on | Product | Open Actions |
|---|---|---|---|---|---|
| ISSUE-34 | OPEN | Discuss use cases / risks of script access to CSP information, solicit specific public comment on this feature with FPWD | 2012-11-02 | CSP Level 3 | 0 |
| ISSUE-57 | OPEN | Do we want to control popups, if so, how? | 2014-02-10 | CSP Level 3 | 0 |
| ISSUE-64 | OPEN | Csp3 how to deal with large policies needed by single-page webapps (http://lists.w3.org/archives/public/public-webappsec/2014aug/0021.html) | 2014-08-27 | CSP Level 3 | 0 |
| ISSUE-67 | OPEN | WebRTC via 'connect-src'? | 2014-09-03 | CSP Level 3 | 0 |
| ISSUE-68 (401 prompting by subresources) | OPEN | How to manage 401 phishing prompts by subresources | 2014-10-27 | CSP Level 3 | 0 |
| ISSUE-66 | RAISED | No-external-navigation as potential csp3 feature http://lists.w3.org/archives/public/public-webappsec/2014aug/0053.html | 2014-08-27 | CSP Level 3 | 0 |
| ISSUE-69 (Overt channel control in CSP) | RAISED | Consider directives to manage postMessage and external navigation of iframes | 2014-10-28 | CSP Level 3 | 0 |
| ISSUE-70 (Using ni:/// as CSP source) | RAISED | Investigate using ni:/// as a CSP source expression | 2014-11-04 | CSP Level 3 | 0 |
| ISSUE-71 (JSONP directives) | RAISED | Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interfaces | 2014-11-04 | CSP Level 3 | 0 |
| ISSUE-73 (CSP path matching) | RAISED | Consider allowing relative paths (to 'self') in source productions | 2014-12-30 | CSP Level 3 | 0 |
| ISSUE-74 (plugin-types 'none') | RAISED | allow explicitly setting the 'none' keyword source for plugin-type directive | 2014-12-30 | CSP Level 3 | 0 |

Open Actions

There are 10 open and pending review actions.

| ID | State | Title | Person | Due Date | Associated with |
|---|---|---|---|---|---|
| ACTION-141 | open | CSP Next: Update default-src language to be more future-proof | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-144 | open | CSP Next: Propose text on layering of fetch context types with CSP directives | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-164 | open | CSP Next: Integrate mnot's cookie scope proposal. | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-172 | open | Review serviceworker issues relevant to csp from github | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-182 | open | Make sure blob origin is discussed further on list | Brad Hill | 2014-11-17 | CSP Level 3 |
| ACTION-186 | open | Do more research on preventing 401 attach http://lists.w3.org/archives/public/public-webappsec/2014aug/0016.html | Brad Hill | 2015-01-31 | CSP Level 3 |
| ACTION-188 | open | Evaluate json-src | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-189 | open | Evaluate script-ancestors | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-192 | open | Evaluate control over nesting depth. | Mike West | 2014-11-03 | CSP Level 3 |
| ACTION-198 | open | Take bookmarklets discussion back to the list | Brad Hill | 2014-11-17 | CSP Level 3 |



Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts