W3C

Content Security Policy Level 3

Editor's Draft, 22 February 2017

This version:
Editor's Draft
https://w3c.github.io/webappsec-csp/
Latest published version:
https://www.w3.org/TR/CSP3/
Previous version:
https://www.w3.org/TR/2016/WD-CSP3-20160913/
Version history:
https://github.com/w3c/webappsec-csp/commits/master/index.src.html
Feedback:
public-webappsec@w3.org with subject line “[csp3] … message topic …” (archives)
Editor:
Mike West (Google Inc.)
Participate:
File an issue (open issues)
Copyright © 2017 W3C® (MIT, ERCIM, Keio, Beihang). W3C liability, trademark and document use rules apply.

Index

Terms defined by this specification

[ Contents of this section omitted (use the index feature at the bottom of the window). ]

Terms defined by other specifications

[ Contents of this section omitted. ]

References

Normative References

[CSS-CASCADE-4]
Elika Etemad; Tab Atkins Jr. CSS Cascading and Inheritance Level 4.
http://dev.w3.org/csswg/css-cascade/
[CSSOM]
Simon Pieters; Glenn Adams. CSS Object Model (CSSOM).
https://drafts.csswg.org/cssom/
[ECMA262]
Brian Terlson; Allen Wirfs-Brock. ECMAScript® Language Specification.
https://tc39.github.io/ecma262/
[FETCH]
Anne van Kesteren. Fetch Standard. Living Standard.
https://fetch.spec.whatwg.org/
[HTML]
Anne van Kesteren; et al. HTML Standard. Living Standard.
https://html.spec.whatwg.org/multipage/
[INFRA]
Anne van Kesteren; Domenic Denicola. Infra Standard. Living Standard.
https://infra.spec.whatwg.org/
[MIMESNIFF]
Gordon P. Hemsley. MIME Sniffing Standard. Living Standard.
https://mimesniff.spec.whatwg.org/
[REPORTING]
Ilya Grigorik; Mike West. Reporting API.
https://wicg.github.io/reporting/
[RFC2045]
N. Freed; N. Borenstein. Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. November 1996. Draft Standard.
https://tools.ietf.org/html/rfc2045
[RFC3492]
A. Costello. Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA). March 2003. Proposed Standard.
https://tools.ietf.org/html/rfc3492
[RFC3864]
G. Klyne; M. Nottingham; J. Mogul. Registration Procedures for Message Header Fields. September 2004. Best Current Practice.
https://tools.ietf.org/html/rfc3864
[RFC3986]
T. Berners-Lee; R. Fielding; L. Masinter. Uniform Resource Identifier (URI): Generic Syntax. January 2005. Internet Standard.
https://tools.ietf.org/html/rfc3986
[RFC4648]
S. Josefsson. The Base16, Base32, and Base64 Data Encodings. October 2006. Proposed Standard.
https://tools.ietf.org/html/rfc4648
[RFC5234]
D. Crocker, Ed.; P. Overell. Augmented BNF for Syntax Specifications: ABNF. January 2008. Internet Standard.
https://tools.ietf.org/html/rfc5234
[RFC5988]
M. Nottingham. Web Linking. October 2010. Proposed Standard.
https://tools.ietf.org/html/rfc5988
[RFC7230]
R. Fielding, Ed.; J. Reschke, Ed. Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing. June 2014. Proposed Standard.
https://tools.ietf.org/html/rfc7230
[RFC7231]
R. Fielding, Ed.; J. Reschke, Ed. Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content. June 2014. Proposed Standard.
https://tools.ietf.org/html/rfc7231
[RFC7762]
M. West. Initial Assignment for the Content Security Policy Directives Registry. January 2016. Informational.
https://tools.ietf.org/html/rfc7762
[SERVICE-WORKERS-1]
Alex Russell; et al. Service Workers 1.
https://w3c.github.io/ServiceWorker/
[SHA2]
FIPS PUB 180-4, Secure Hash Standard.
http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
[SRI]
Devdatta Akhawe; et al. Subresource Integrity.
https://w3c.github.io/webappsec-subresource-integrity/
[WHATWG-DOM]
Anne van Kesteren. DOM Standard. Living Standard.
https://dom.spec.whatwg.org/
[WHATWG-URL]
Anne van Kesteren. URL Standard. Living Standard.
https://url.spec.whatwg.org/

Informative References

[APPMANIFEST]
Marcos Caceres; et al. Web App Manifest.
https://w3c.github.io/manifest/
[BEACON]
Ilya Grigorik; et al. Beacon.
https://w3c.github.io/beacon/
[CSP2]
Mike West; Adam Barth; Daniel Veditz. Content Security Policy Level 2.
https://w3c.github.io/webappsec/specs/CSP2/
[CSS-ABUSE]
Chris Evans. Generic cross-browser cross-domain theft. 28 December 2009.
https://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html
[EVENTSOURCE]
Ian Hickson. Server-Sent Events.
http://dev.w3.org/html5/eventsource/
[FILEDESCRIPTOR-2015]
filedescriptor. CSP 2015. 23 November 2015.
https://blog.innerht.ml/csp-2015/#danglingmarkupinjection
[H5SC3]
Mario Heiderich. H5SC Minichallenge 3: "Sh*t, it's CSP!".
https://github.com/cure53/XSSChallengeWiki/wiki/H5SC-Minichallenge-3:-%22Sh*t,-it%27s-CSP!%22
[HTML-DESIGN]
Anne Van Kesteren; Maciej Stachowiak. HTML Design Principles.
https://www.w3.org/TR/html-design-principles/
[MIX]
Mike West. Mixed Content.
https://w3c.github.io/webappsec-mixed-content/
[TIMING]
Paul Stone. Pixel Perfect Timing Attacks with HTML5.
http://www.contextis.com/documents/2/Browser_Timing_Attacks.pdf
[UISECURITY]
Brad Hill. User Interface Security and the Visibility API.
https://w3c.github.io/webappsec-uisecurity/index.html
[UPGRADE-INSECURE-REQUESTS]
Mike West. Upgrade Insecure Requests.
https://w3c.github.io/webappsec-upgrade-insecure-requests/
[WEBSOCKETS]
Ian Hickson. The WebSocket API. 20 September 2012. CR.
https://www.w3.org/TR/websockets/
[XHR]
Anne van Kesteren. XMLHttpRequest Standard. Living Standard.
https://xhr.spec.whatwg.org/
[XSLT]
James Clark. XSL Transformations (XSLT) Version 1.0. 16 November 1999. REC.
https://www.w3.org/TR/xslt

IDL Index

[ Contents of this section omitted (click a heading to navigate). ]

Issues Index

[ Contents of this section omitted (click a heading to navigate). ]