- From: raymeskhoury <notifications@github.com>
- Date: Mon, 09 Apr 2018 01:25:17 +0000 (UTC)
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 9 April 2018 01:25:40 UTC
> Or to put it another way, I think a "delegate to A but don't allow further delegation" is probably only really effective when combined with the inability to create further nested iframes (and maybe also a restriction on cross-origin script?). I agree that this could be implemented but I still see it as only a speedhump from a security standpoint and not a guarantee of any kind. What are we really trying to stop? Once I give someone my SSN on the street, they can pass it on to whomever they want. Once you give location to x.com, they can share it back to their servers via XHR and then send it on to any other server. Unless you completely isolate a frame from the network it will always be able to do this type of thing. @slightlyoff if this still isn't coming through clearly let's meet and try to iron things out :) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/225#issuecomment-379601435
Received on Monday, 9 April 2018 01:25:40 UTC