In another spec, I'd like to write: If the <a href="http://www.w3.org/TR/html5/#incumbent-settings-object">incumbent settings object</a> is <a href=" https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-sufficiently-secure">not a sufficiently secure context</a>, then reject _promise_ with a SecurityError. Is there a reason to use the extra verbosity suggested in https://w3c.github.io/webappsec/specs/powerfulfeatures/#new? Thanks, Jeffrey (or Jeff :) On Thu, Jan 29, 2015 at 3:07 AM, Mike West <mkwst@google.com> wrote: > Jeff noted in https://github.com/w3c/webappsec/issues/160 that it was > more than confusing to have two checks in POWER, one for Documents, and one > for settings objects. Since we can get to the one from the other, we should > have one check to avoid boilerplate in every other spec. > > I've combined the checks into > https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-sufficiently-secure. > I'd appreciate feedback regarding the new text's sanity. :) > > Thanks! > > -- > Mike West <mkwst@google.com>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, > Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der > Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth > Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) >
Received on Thursday, 29 January 2015 16:12:35 UTC