thanks for the attention and reposting to public-webappsec.
i agree the relevant scope is this list but as this review\comments
was prompted by explicitly trying to keep within process milestones of
CORS i thought to keep the response to the list where notification was
sent. glad it has found the
[ + public-webappsec ]
Below is a comment about CORS.
Given the original CfC for LCWD was started months ago, perhaps this
comment should be considered as an LC comment.
Re whether to use p-webapps or p-webappsec, I don't recall any agreement
on that question. I do note the latest ED says to