Open Bug 968586 (csp-w3c-2) Opened 7 years ago Updated 1 year ago

[meta] Implement Content Security Level 2 per the W3C standard

Categories

(Core :: DOM: Security, enhancement, P3)

x86_64
Linux
enhancement

Tracking

()

ASSIGNED

People

(Reporter: grobinson, Assigned: ckerschb)

References

(Depends on 9 open bugs, Blocks 1 open bug, )

Details

(Keywords: meta, Whiteboard: [domsecurity-meta])

Track work needed to bring Gecko to conformance with the CSP 1.1 spec currently being developed.
I'm not sure that this should depend on the XSS filter bug - that doesn't need to be fixed for Gecko to be CSP 1.1 compliant, more that if Gecko had one, it would need to honor the reflected-xss directive.
Depends on: 846978
Depends on: 873302
Alias: csp-w3c-1.1
Component: Security → DOM: Security
No longer depends on: xssfilter
Depends on: 1007634
Depends on: 1036399
Depends on: 1037335
Depends on: 999656
Depends on: 1100181
Keywords: meta
Summary: Implement Content Security Policy 1.1 per the W3C standard → Implement Content Security Policy 1.1 (Level 2) per the W3C standard
Alias: csp-w3c-1.1 → csp-w3c-2
Summary: Implement Content Security Policy 1.1 (Level 2) per the W3C standard → Implement Content Security Level 2 per the W3C standard
Depends on: 1004703
Depends on: 1139297
Depends on: 1177074
Depends on: 1220001
Depends on: 1223647
Depends on: 1219453
Depends on: 1222904
Depends on: 1224225
Depends on: 1224694
Depends on: CVE-2016-2816
No longer depends on: 1100181
Whiteboard: [domsecurity-meta]
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Depends on: 1297051
Depends on: 1313937
Duplicate of this bug: 1340891
Depends on: 1340891
Depends on: 1024557
Depends on: 1404438
Depends on: 1412271
Depends on: 1469150
Priority: -- → P3
No longer depends on: 1037335
Depends on: 1472661
Summary: Implement Content Security Level 2 per the W3C standard → [meta] Implement Content Security Level 2 per the W3C standard
Type: defect → enhancement
You need to log in before you can comment on or make changes to this bug.