webappsec Search Results

1000+ results
for webappsec

Best match

Best match Most commented Newest Recently updated Least commented Oldest Least recently updated

w3c/webappsec #654

Planning TPAC.

TPAC is coming! We should create an agenda for the two sessions we have (on [23.09.2024](https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/) and [26.09.2024](https://www.w3.org/e…

mikewest updated 1 month ago
11
w3c/modern-tooling #36

Finding things on the site - making links

Many times in the document the author complains that he can't find things. W3C groups, IRC logs, and so on. Just complaining you can't find things is not enough -- you have to say how you tried (fo…

timbl updated 9 years ago
1
protocol-registries/http-fields #50

Referrer-Policy

Please confirm that: * [x] You have read and understood the [requirements for registration](https://www.ietf.org/archive/id/draft-ietf-httpbis-semantics-19.html#name-field-extensibility). * [x] Yo…

stiiin updated 2 months ago
5
WICG/kv-storage #22

Thoughts on sessionStorage

This proposal only covers async localStorage at the moment, leaving its less common sibling sessionStorage unmentioned. Nevertheless I occasionally see those who recommend using it for handling tempor…

Zirro updated 5 years ago
5
w3c/webappsec-csp #45

Further granularity of unsafe-inline styles

Could we consider decoupling `` and `style="..."` usage in `style-src 'unsafe-inline'` CSP setup? The rationale is that as far as I am aware `style="..."` has no modern security issues in CSP support…

jonathanKingston updated 1 year ago
16
WICG/signature-based-sri #12

`require-sri-for` removed from the SRI spec

Bullet point nr. 3 in the explainer talks about `require-sri-for` which was removed in https://github.com/w3c/webappsec-subresource-integrity/pull/82. > Content Security Policy can layer on top of…

Malvoz updated 3 weeks ago
2
privacycg/storage-access #130

FR: Request header to indicate storage access

Currently, the server has no way of knowing whether a particular document request was initiated from an iframe without storage access. Many applications wish to serve a different page when the request…

lghall updated 10 months ago
8
w3c/webappsec-credential-management #8

CREDENTIAL: Credential scope should not be limited to login

_From @dlongley on April 15, 2015 13:58_ Credentials may be used for more than just login, and a credential may not represent a user's entire identity. This means that browsers can't just take a list…

mikewest updated 9 years ago
3
w3c/webappsec-permissions-policy #349

Disable DOM clobbering.

https://research.securitum.com/xss-in-amp4email-dom-clobbering/ is a good example of the kinds of attacks enabled by the somewhat unexpected mapping of elements into the global namespace via the `name…

mikewest updated 8 months ago
14
ladjs/lad #367

v3.0.0 Release Wishlist

# 2.0.0 Release Wishlist ## Features - [x] `mandarin` should automatically wrap placeholder tokens with `%s` - [x] Remove `auto-bind` from any dependencies - [x] Drop `strength` in favor of ht…

niftylettuce updated 3 years ago
20

上一页 1...43 44 45 46 47 48 49...100 下一页

1000+ results for webappsec

1000+ results
for webappsec