Category Archives: openweb

Use-Case Zero

Some weeks back I lobbed an overly terse “noooooooooo!!!!!” at the W3C Web Application Security Working Group over revisions to the CSP 1.1 API; specifically a proposed reduction of the surface area to include only bits for which they could think of direct use-cases in a face-to-face meeting. At the time I didn’t have the […]

Why What You’re Reading About Blink Is Probably Wrong

By now you’ve seen the news about Blink on HN or Techmeme or wherever. At this moment, every pundit and sage is attempting to write their angle into the announcement and tell you “what it means”. The worst of these will try to link-bait some “hot” business or tech phrase into the title. True hacks […]

Reforming the W3C TAG

And so it has come to pass that W3C Technical Architecture Group (TAG) elections are afoot. Nominations have ended and the candidates have been announced. There are four seats open and nine candidates running, so it’s worth understanding why anyone should vote for the reformers (myself, Yehuda Katz, Anne van Kesteren, Peter Linss, and Marcos […]

Origin(al) Sins

Video is now up from a talk I gave in October at OWASP’s AppSec USA conference — something of a departure from my usual spiel: Origin(al) Sins – Alex Russell from OWASP AppSec USA on Vimeo. I made some pretty glaring errors in the talk: you can’t combine sandboxing with seamlessness for cross-origin content. It’s […]

Hoisted From The Comments

Some stuff is too good to leave in the shadows. On my Bedrock post, James Hatfield writes in with a chilling point, but one which I’ve been making for a long while: “every year we’re throwing more and more JS on top of the web”. The way things are going in my world, we are […]