- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 30 Oct 2014 16:23:39 +0000 (UTC)
- To: Anne van Kesteren <annevk@annevk.nl>
- cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, 30 Oct 2014, Anne van Kesteren wrote: > > http://w3c.github.io/webappsec/specs/mixedcontent/#categorize-settings-object > > 1) Should this not also consider the state "deprecated authentication"? > > 2) A browsing context has a set of documents associated with it. So e.g. > if /a has an <iframe> with /embed and then the user navigates from /a to > /b while something in /embed requires a restrict mixed content check, we > might end up with a problem. Not sure how to solve this. Ian? Why would this be a problem? If you navigate the top-level browsing context the embedded stuff becomes irrelevant, no? -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 30 October 2014 16:24:02 UTC