SummerOfCode/2012/UserCSP

Project Title: User Specified Content Security Policy

Goal: The goal of this project is to allow savvy users to be able to voluntarily specify their own CSP policies for websites that have not implemented CSP policies. And automatically infer CSP policies for frequently visited websites if neither user nor web site publisher specify the CSP policy.

Project Status

Schedule of userCSP project deliverable:

• April 30 - May 6 : Develop an add-on for userCSP.
• May 7 - May 13  : Testing SQLite Database library
• May 14 - May 20  : Create Database table to store user define policies. User provided domain name will be the primary key in the userCSP database.
• May 21 - May 27  : Integrate Database into add-on UI
• May 28 - June 10 : CSP Hooking and reading HTTP header.
• June 11 - June 17: Discuss userCSP add-on UI with Mozilla UI team for feedback
• June 19 - June 24: Read website CSP and show it in add-on UI. Implement combine strict and combine loose functionality.
• June 25 - July 1 : Discuss userCSP UI with mozilla UI team for their feedback.
• July 2 - July 8  : Filtering user inputs and follow w3c Standard .
• July 9 - July 15 : Testing add-on and discussion on how to infer policy automatically.
• July 16 - July 29: Develop Database for storing information for automatically inferring CSP policy.
• July 30 - Aug 5  : Implement automatic CSP inferring rules.
• Aug 6 - Aug 19  : Test add-on with auto infer mode and prepare whitelist for commonly use third-party sites (such as, Facebook like button, Google gadget, etc.)

Weekly Status Updates:

• April 23, 2012

• April 30, 2012

• May 07, 2012

• May 14, 2012

• May 21, 2012

• May 28, 2012

• June 4, 2012

• June 11, 2012

• June 18, 2012

• June 25, 2012

• July 2, 2012

• July 9, 2012

• July 16, 2012

• July 23, 2012

• July 30, 2012

• August 6, 2012

• August 13, 2012

• August 20, 2012