-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Planning 2024-01-17. #638
Comments
Can I suggest spending some time revisiting some of the long-standing spec bugs in the CSP spec? I got bit by w3c/webappsec-csp#609, and it looks like Safari is following the spec (i.e. not respecting There's a few more, like w3c/webappsec-csp#426, w3c/webappsec-csp#523, w3c/webappsec-csp#423, etc, though I think mostly these haven't lead to implementation issues like the one above. More generally, getting a more consistent story around hashes, nonces, and strict-dynamic would be of great help. There's a bunch of stuff which has come up over the years - w3c/webappsec-csp#632, w3c/webappsec-csp#375, w3c/webappsec-csp#623, w3c/webappsec-csp#625, w3c/webappsec-csp#433, w3c/webappsec-csp#487, w3c/webappsec-csp#212, etc. |
I can give a <5 minute verbal update, without slides. (The gist is as follows: We want to make sure that TT does not add things to the web platform, which aren't widely regarded as useful or popular. Chrome is shipping UseCounters to that extend. There are some additional issues with spec maintenance and its integration with existing specifications, I hope mostly of editorial natures. Though I wouldn't be surprised if they will result in some additional design work.) |
I'm also happy to give a brief 5 (probably less) minute update, and receive any feedback others may have. |
Planning the 2024-01-17 WebAppSec meeting. A few potential topics come to mind:
Trusted Types, given Mozilla's rekindled interest. Perhaps @koto, @otherdaniel, @mozfreddyb would be interested in chatting through some of the outstanding issues raised in those comments/against the spec?
:visited
partitioning. @kyraseevers has been pushing ahead with infrastructure changes in Chromium. Perhaps there's interest in discussing some of the feedback (e.g. Partitioning :visited links history w3ctag/design-reviews#896 (comment))?Cross-Origin-Opener-Policy: restrict-properties
. @camillelamy might have feedback to share from the Origin Trial Chrome's currently running?Your idea goes here.
The text was updated successfully, but these errors were encountered: