Scripting Policy. #36
Comments
|
@johnwilander suggested that Apple would have an easier time engaging on this proposal if it shifted out of a personal repository: https://twitter.com/johnwilander/status/1430952281818603524. That, in combination with conversations at TPAC in 2019, hopefully justifies adoption. |
|
Yes, we have an interest in trying to reduce the complexity of CSP-like defenses against XSS and other security attacks. I believe we discussed it in WebAppSec already, years ago. Thanks, Mike! |
|
Hooray!! |
|
https://github.com/WICG/csp-next is now live |
|
Thanks! I'll close this out: https://wicg.github.io/csp-next/scripting-policy.html is up, and the old URL redirects correctly. |
tidoust
added a commit
to w3c/browser-specs
that referenced
this issue
Sep 13, 2021
This update adds CSS Cascade 6 and drops CSS Scoping 2 as a result (the latter spec now redirects to the former). It also adds the Scripting Policy and Close Watcher API. The two specs are still at early stages but development is active and proposals are being backed by implementers, see: WICG/proposals#18 WICG/proposals#36
tidoust
added a commit
to w3c/browser-specs
that referenced
this issue
Sep 13, 2021
This update adds CSS Cascade 6 and drops CSS Scoping 2 as a result (the latter spec now redirects to the former). It also adds the Scripting Policy and Close Watcher API. The two specs are still at early stages but development is active and proposals are backed by implementers, see: WICG/proposals#18 WICG/proposals#36
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Introduction
XSS is bad. CSP's syntax is obtuse, and it's trying to do too many things. What if we could just target XSS?
Read the complete Explainer. Also the spec.
Feedback (Choose One)
Please provide all feedback below.
The text was updated successfully, but these errors were encountered: