- From: Dylan Barrell <notifications@github.com>
- Date: Thu, 03 Dec 2015 11:58:44 -0800
- To: w3c/webcomponents <webcomponents@noreply.github.com>
- Message-ID: <w3c/webcomponents/issues/100/161765813@github.com>
How did you quote my message like that - that is cool! If the intent is to increase security then I would like to see a list of the security requirements that this is supposed to fulfill. For example, https://tools.ietf.org/html/rfc6454 specifies the principles that drive the iframe security model. Is this explicitly a goal of this specification - to provide security that equals that of RFC6454? If it is, then we do not need a closed option at all, the browser can automatically apply the security model. If it is not the aim, then where is the description of the principles and rationale that are driving this requirement? Without an explicit statement on the goals of this supposed security and the needs it is addressing, we cannot evaluate the effectiveness of the spec in meeting these needs and goals. If the intent is security, then why is there no discussion about the impact of this spec on canvas DOM rendering? https://developer.mozilla.org/en-US/docs/Web/API/Canvas_API/Drawing_DOM_objects_into_a_canvas The rationale for this feature has never been documented and yet the very legitimate concerns related to test automation and auditing that this specification causes have not been addressed. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/webcomponents/issues/100#issuecomment-161765813
Received on Thursday, 3 December 2015 19:59:20 UTC