Project Title: User Specified Content Security Policy
Goal: The goal of this project is to allow savvy users to be able to voluntarily specify their own CSP policies for websites that have not implemented CSP policies. And automatically infer CSP policies for frequently visited websites if neither user nor web site publisher specify the CSP policy.
- PATIL Kailas < patilkr24 AT gmail DOT com >
Schedule of userCSP project deliverable:
- April 30 - May 6 : Develop an add-on for userCSP.
- May 7 - May 13 : Testing SQLite Database library
- May 14 - May 20 : Create Database table to store user define policies. User provided domain name will be the primary key in the userCSP database.
- May 21 - May 27 : Integrate Database into add-on UI
- May 28 - June 10 : CSP Hooking and reading HTTP header.
- June 11 - June 17: Read website CSP and show it in add-on UI.
- June 19 - June 24: Implement combine strict and combine loose functionality.
- June 25 - July 1 : Fix issues: Firefox version number issue, UI not going away, intersectWith, All tab UI, CombineLoose and CombineStrict features.
- July 2 - July 8 : Discuss userCSP UI with mozilla UI team for their feedback. Filtering user inputs and follow w3c Standard .
- July 9 - July 15 : Testing add-on and discussion on how to infer policy automatically.
- July 16 - July 29: Develop Database for storing information for automatically inferring CSP policy.
- July 30 - Aug 5 : Implement automatic CSP inferring rules.
- Aug 6 - Aug 19 : Test add-on with auto infer mode and prepare whitelist for commonly use third-party sites (such as, Facebook like button, Google gadget, etc.)
Weekly Status Updates:
- August 20, 2012