Tracker summary for Brad Hill

Web Application Security Working Group Tracker

Open Actions

There are 13 open actions.

ID State Title Person Due Date Associated with
ACTION-200 (edit) pending review Investigate git issue tooling with other w3c groups Brad Hill 2014-11-24
ACTION-204 (edit) pending review Reply to mark watson that 1/2 of his issue is a last call comment to mix Brad Hill 2014-11-24
ACTION-205 (edit) pending review Does link really violate csp guarantees? Brad Hill 2014-11-24
ACTION-206 (edit) pending review Reply on referrer suggest imperative policy controls in serviceworker Brad Hill 2014-11-24
ACTION-181 (edit) open Suggest more clear use case and language around exact behavior for noncanonical-src Brad Hill 2014-11-17 Subresource Integrity Level 1
ACTION-182 (edit) open Make sure blob origin is discussed further on list Brad Hill 2014-11-17 CSP Level 3
ACTION-198 (edit) open Take bookmarklets discussion back to the list Brad Hill 2014-11-17 CSP Level 3
ACTION-207 (edit) open Raise definition of sandboxed worker in html spec Brad Hill 2014-11-24
ACTION-210 (edit) open Move sri bugs in bugzilla to github Brad Hill 2015-01-19
ACTION-211 (edit) open Ask github if they prefer fail open / closed on unknown hashes Brad Hill 2015-01-19
ACTION-186 (edit) open Do more research on preventing 401 attach Brad Hill 2015-01-31 CSP Level 3
ACTION-212 (edit) open Issue cfc to take mixed content to cr Brad Hill 2015-02-16
ACTION-213 (edit) open Reply to brian smith re: csp2 to cr Brad Hill 2015-02-16

Open Issues

There are 5 open issues listed in the system.

ID State Title Raised on Product Open Actions
ISSUE-68 (edit)
401 prompting by subresources
OPEN How to manage 401 phishing prompts by subresources 2014-10-27 CSP Level 3 0
ISSUE-70 (edit)
Using ni:/// as CSP source
RAISED Investigate using ni:/// as a CSP source expression 2014-11-04 CSP Level 3 0
ISSUE-71 (edit)
JSONP directives
RAISED Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interaces 2014-11-04 CSP Level 3 0
ISSUE-73 (edit)
CSP path matching
RAISED Consider allowing relative paths (to 'self') in source productions 2014-12-30 CSP Level 3 0
ISSUE-74 (edit)
plugin-types 'none'
RAISED allow explicitly setting the 'none' keyword source for plugin-type directive 2014-12-30 CSP Level 3 0

Tracker: documentation, , originally developed by Dean Jackson, is developed and maintained by the Systems Team <>.
$Id: 47563.html,v 1.1 2020/01/17 08:53:11 carcone Exp $