[Webkit-unassigned] [Bug 156554] New: CSP: Remove experimental directive reflected-xss

Wed Apr 13 14:01:09 PDT 2016

https://bugs.webkit.org/show_bug.cgi?id=156554

            Bug ID: 156554
           Summary: CSP: Remove experimental directive reflected-xss
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org

The Content Security Policy directive reflected-xss was removed from the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015). This directive was considered experimental and was guarded by a run-time flag that was never enabled by default.

For completeness, the directive reflected-xss appeared in the Content Security Policy 1.1 spec, <http://www.w3.org/TR/2013/WD-CSP11-20130604/>, was mentioned as "at-risk, and may be dropped during the CR period" in an early revision of the Content Security Policy Level 2 spec., <https://www.w3.org/TR/2014/WD-CSP2-20140703/>, and was subsequently removed in <https://www.w3.org/TR/2015/CR-CSP2-20150219/>.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160413/2c6d3d9b/attachment.html>