W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2013

Re: [webappsec] new draft of UI Security available

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 25 Mar 2013 21:31:16 +0000
Message-ID: <CADnb78i_pzqu8QdBTbB2SJ7sS4RWM2jW2eau3M2c=CLDWuwdhw@mail.gmail.com>
To: "Hill, Brad" <bhill@paypal-inc.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Mar 25, 2013 at 9:13 PM, Hill, Brad <bhill@paypal-inc.com> wrote:
> Please take a look.  I’d especially like feedback as to whether the webIDL
> definitions of the interface as “partial” rather than extending the CSP 1.1
> directives is the correct choice.

It's not really clear to me what you mean here. "partial" is an
extension by definition. A "partial UIEvent" is lacking to define the
unsafe property.


I noticed "blocked-target-xpath". It's not really clear to me we want
to add a dependency on XPath. We don't have that anywhere else. And in
fact this is a new kind of requirement, where you have a node and want
to generate a path to it, which is something we have nowhere as far as
I know.


In general this specification lacks a model. There's a bunch of
features and descriptions of them, but it is not exactly clear where
they matter in an implementation.


-- 
http://annevankesteren.nl/
Received on Monday, 25 March 2013 21:31:55 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC