[webkit-dev] Feature announcement: Content-Security-Policy 1.1

Adam Barth abarth at webkit.org
Sun Jun 17 01:40:35 PDT 2012


On Sun, Jun 17, 2012 at 1:35 AM, Mike West <mkwst at chromium.org> wrote:
> On Fri, May 4, 2012 at 3:13 AM, Adam Barth <abarth at webkit.org> wrote:
>> As CSP 1.1 matures (both in specification and
>> implementation), I plan to upstream the csp11 branch using this meta
>> bug: <https://bugs.webkit.org/show_bug.cgi?id=85558>.
>
> Following up on this, I've just uploaded a patch to
> https://bugs.webkit.org/show_bug.cgi?id=89300 to add an ENABLE_CSP_NEXT
> flag, disabled by default. We'll keep any 1.1 work that lands on trunk
> behind that flag going forward.

We should also note that there's a working draft of the CSP 1.1 spec
available at <http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html>.
 Please send technical feedback on the spec to the W3C's
public-webappsec mailing list.

Thanks!
Adam


More information about the webkit-dev mailing list