canmove, Confirmed users
1,537
edits
SecurityEngineering/2014/Q4Goals: Difference between revisions
Jump to navigation
Jump to search
SecurityEngineering/2014/Q4Goals (view source)
Revision as of 18:52, 17 December 2014
, 17 December 2014→Content Security: update goals
(→Content Security: Removed Garret, added Steve from team list) |
(→Content Security: update goals) |
||
| Line 6: | Line 6: | ||
;Outcome: More robust security hooks for better correctness in content security features like CSP, adblock, etc. | ;Outcome: More robust security hooks for better correctness in content security features like CSP, adblock, etc. | ||
;Who: Tanvi, Christoph, Sid, Francois, Steve | ;Who: Tanvi, Christoph, Sid, Francois, Steve | ||
* {{ | * {{risk|Add LoadInfo to Gecko-owned JS callers}} (dri=ckerschb,tanvi) | ||
* {{ | * {{done|Use LoadInfo to implement MCB for HTTP redirects}} (dri=tanvi) | ||
* {{ | * {{done|Implement Next Block of CSP Level 2.0 features}} (dri=sstamm,ckerschb) | ||
** Work to fix spec to have child-src directive we want | ** Work to fix spec to have child-src directive we want | ||
** Implement form-action directive | ** Implement form-action directive | ||
| Line 14: | Line 14: | ||
** Fix frame-ancestors mapping | ** Fix frame-ancestors mapping | ||
** Work to fix spec about blob urls | ** Work to fix spec about blob urls | ||
* {{ | * {{ok|Initial Implementation of sub-resource integrity}} ({{bug|992096}}) (dri=francois) | ||
== Tracking Protection == | == Tracking Protection == | ||