#1128: Other Spec Review: Extend CSP script-src hashes
Discussions
Log in to see TAG-private discussions.
Discussed
Aug 11, 2025 (See Github)
bump to C please
Discussed
Aug 18, 2025 (See Github)
Ehsan: Had an initial review, Jeffrey and Martin got back to me. Had a conversation to make a decision on that. Needs more clarification from them. This is progressing, for now.
Martin: Took a brief look at it, explainer is poorly written. Doesn't really explain the how and why.
Ehsan: Looks more like a brainstorming document. Doesn't come to a single proposal.
Hadley: It's totally fair to say that to the proponents, and having them come back.
Ehsan: I would respond to Jeffrey and once he has feedback for me, and ask them to make the explainer more clear. If that looks sensible?
Hadley: Yes. There's a label for "too early," which might be appropriate here.
Comment by @martinthomson Aug 20, 2025 (See Github)
@carlosjoan91, could you at least open a pull request on the spec? https://github.com/w3c/webappsec-csp/compare/main...carlosjoan91:webappsec-csp:main is far from a stable reference (not that a pull request is materially different, but we've become accustomed to that). A pull request at least signals that you are actively engaging with the spec editors and anyone who is watching.
Comment by @carlosjoan91 Aug 20, 2025 (See Github)
Sure, I created https://github.com/w3c/webappsec-csp/pull/784. I wasn't sure about the timeline for creating a PR and whether that should come before/after TAG review.
OpenedJul 31, 2025
Specification
https://github.com/w3c/webappsec-csp/compare/main...carlosjoan91:webappsec-csp:main
Explainer
https://github.com/explainers-by-googlers/script-src-v2/blob/main/README.md
Links
The specification
Where and by whom is the work is being done?
Feedback so far
You should also know that...
No response
<!-- Content below this is maintained by @w3c-tag-bot -->Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1128