- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Thu, 27 Jan 2011 11:11:23 -0800
- To: Adam Barth <w3c@adambarth.com>
- CC: Michal Zalewski <lcamtuf@coredump.cx>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org
On 1/27/11 11:05 AM, Adam Barth wrote: > On Thu, Jan 27, 2011 at 10:35 AM, Daniel Veditz <dveditz@mozilla.com> wrote: >> Borderline: favicons aren't "in" the page, but if you're worried >> about exfiltration then it's a problem that they are linked to by >> the page. > > I don't think we'll ever be able to stop exfiltration. IMHO, worrying > about exfiltration is just a distraction. I tend to agree, which is why the current CSP ignores favicons.
Received on Thursday, 27 January 2011 19:12:05 UTC