- From: Brian Smith <brian@briansmith.org>
- Date: Wed, 11 Feb 2015 14:23:52 -0800
- To: Jim Manico <jim.manico@owasp.org>
- Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Jim Manico <jim.manico@owasp.org> wrote: >> It would be great > to hear from you and others about why it is unrealistic now. > > If you want to get premium-level compensation from some ad providers > then you need to give them full DOM access. This "goes away" in a > world where ads are fully sandboxed or not allowed DOM access. I can understand that complete lack of DOM access and/or being thrown in a sandbox may be considered too limiting by some advertisers. But, there must be some middle group between all or nothing. Do they want DOM access because they want to be able to animate/reposition their ad? Do they want to read the contents of the page and use them to select an ad (GMail style)? Are they stealing cookies? (I doubt it.) Any more specific details you can provide would be great. > I am just wondering is the end game to shut this down or perhaps > provide a more flexible sandbox? I am hoping a flexible sandbox is the > end game. > > If there is a configurable ad-friendly web standard for DOM accessible > advertising, please point me in the direction. I don't know what meets the bar of "DOM accessible," but that's exactly what I'm interested in creating. Cheers, Brian
Received on Wednesday, 11 February 2015 22:24:19 UTC