W3C home > Mailing lists > Public > public-web-security@w3.org > January 2011

Re: Scope and complexity (was Re: More on XSS mitigation)

From: Lucas Adamski <lucas@mozilla.com>
Date: Tue, 25 Jan 2011 12:13:23 -0800
Message-Id: <03FCBB34-EAA5-4823-8634-FB99AFED5B02@mozilla.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>
To: Adam Barth <w3c@adambarth.com>
Yes, but you are proposing to remove significant amounts of security protections that others clearly desire and have practical uses for.   That would seem to call for specific compelling arguments that current proposal is substantially worse than your alternative proposal, and that those deficiencies outweigh the additional benefits.
  Lucas.

On Jan 25, 2011, at 10:42, Adam Barth <w3c@adambarth.com> wrote:
> 
> IMHO, in the first iteration we should nail XSS and set up a
> extensible policy framework that we can extend to address other
> threats in the future.
> 
> Adam
Received on Tuesday, 25 January 2011 20:14:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 25 January 2011 20:14:34 GMT