-
There was a paper from 2020 https://publications.cispa.saarland/2986/1/roth2020csp.pdf (ref from @simoneonofri). There's [documentation out there](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP…
torgo updated
2 months ago
-
Link: https://hackerone.com/reports/1028192
Date: 2020-11-06 09:17:44 UTC
By: ebot_api
Weakness: None
Details:
Cross-site Scripting (XSS) is an attack technique that involves echoing a…
-
> Element `script` must not have attribute `integrity` unless attribute `src` is also specified.
I'm not sure why this might be, but inline scripts without `unsafe-inline` will not run without an `…
ghost updated
5 years ago
-
Context: https://github.com/w3c/webcrypto/pull/286#issuecomment-936461968
Related: #293
Probably worth having a dedicated issue 😄
-
@domenic says ECMAScript just did something like this.
-
As mentioned in https://github.com/w3c/webappsec-feature-policy/issues/282#issuecomment-486267212, there's interest in splitting different types of policies out into different pieces of FP. I'm going …
-
Currently, it is not possible to tighten `source-expression`s to a specific `path-part`, other than resolving `self` on your own.
I think there is value in allowing `source-expression` like `'self'/use…
-
instances of the [`CredentialCreationOptions`](https://w3c.github.io/webappsec-credential-management/#dictdef-credentialcreationoptions) and [`CredentialRequestOptions`](https://w3c.github.io/webap…
-
_From @ptoomey3 on September 23, 2015 0:12_
I just wanted to open an issue to get your thoughts on `form-action` with respect to redirects. We have been working on deploying `form-action` and have ru…