Hi webkit-dev, Content-Security-Policy 1.0 is nearing Working Group Last Call in the W3C WebAppSec working group. Over the next few weeks, I'm going to polish up our implementation of CSP 1.0 to match the final specification. Our implementation is quite close to the spec, so these changes should be fairly minor. If you're interested in the details, please feel encouraged to CC yourself on the meta bug for CSP 1.0: <https://bugs.webkit.org/show_bug.cgi?id=53572>.
The WebAppSec working group is also chartered to create Content-Security-Policy 1.1, which contains a handful of new directives and features. Currently, CSP 1.1 is a collection of notes in a wiki page: <http://www.w3.org/Security/wiki/Content_Security_Policy#Proposals_for_Version_1.1>. In the coming weeks, these ideas should take shape into a rough specification. If you have a feature that you'd like included in CSP 1.1, the best way to provide feedback is to email [email protected]. I'm planning to incubate our CSP 1.1 implementation on GitHub in the following branch: <https://github.com/abarth/webkit/tree/csp11>. If you're interested in contributing, please feel free to send a pull request to that branch. As CSP 1.1 matures (both in specification and implementation), I plan to upstream the csp11 branch using this meta bug: <https://bugs.webkit.org/show_bug.cgi?id=85558>. Please let me know if you have any questions or concerns. Adam _______________________________________________ webkit-dev mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
