Clarification of CSP sandbox and workers

2014-11-11 Thread Deian Stefan
Hey guys, I am implementing CSP for Workers in Firefox, but like to get a clarification on workers and the sandbox flag. Currently, a Worker can inherit or be accompanied by a CSP header. As written, the implications of the sandbox directive on the Worker context is not clear. [Following up on

Re: Clarification of CSP sandbox and workers

2014-11-12 Thread Deian Stefan
+1 Mike West writes: The CSP spec should just delegate to HTML here. If/when HTML defines sandboxing with regard to Workers, CSP will just start using those hooks. Reasonable, the issue also appears outside CSP: if I create a worker in a sandboxed iframe, what should its

Re: Security use cases for packaging

2015-01-29 Thread Deian Stefan
Brad Hill writes: Paging (future Dr.) Deian Stefan to the ER... Any thoughts on using COWL for this kind of thing, with a pinned crypto key as a confinement label to be combined with the regular Origin label? Thanks for paging me! I've thought about something like