W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > June 2009

[Bug 7032] Sandboxing and Referer

From: <bugzilla@wiggum.w3.org>
Date: Thu, 18 Jun 2009 00:50:34 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1MH5pq-0000Pm-Jz@wiggum.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=7032


Adam Barth <w3c@adambarth.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |w3c@adambarth.com




--- Comment #2 from Adam Barth <w3c@adambarth.com>  2009-06-18 00:50:34 ---
I think the thought process goes like this:

Premise 1) Referer can be used as a credential.
Premise 2) Sandboxed iframes should't get the credentials of their origin
(e.g., they get some unique origin).
-------------
Conclusion: Sandboxed iframes shouldn't get a Referer.

Do you disagree with one of the premises?


-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 18 June 2009 00:50:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 18 June 2009 00:50:40 GMT