- From: <bugzilla@jessica.w3.org>
- Date: Tue, 11 Nov 2014 10:11:44 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27271 --- Comment #9 from Henri Sivonen <hsivonen@hsivonen.fi> --- (In reply to Mike West from comment #8) > (In reply to Henri Sivonen from comment #7) > > I think it makes sense to reference that algorithm. It tries to do what I > > want. I'm not 100% sure it currently does what I want, but if it doesn't, it > > seems clear I should file a bug on that spec instead instead of proposing a > > different algorithm here. (Specifically, it's unclear to me what step 3 does > > if the branch in step 2 is not taken.) > > Ah, yes. That was silly. > > The new step 2 now sets `origin` even if the document isn't sandboxed: > <https://w3c.github.io/webappsec/specs/mixedcontent/#may-document-use- > powerful-features>. Sorry about that! > > More bug reports welcome; that spec is going into last call on Thursday, so > right now is a _brilliant_ time to skim it and tell me how broken it is. :) Hmm. Actually, my comment 7 might have been wrong regarding whether the algorithm is trying to do what I want. It loops up the browsing context chain only for srcdoc. I meant to loop up the chain for all docs and fail if anything in the chain is untrusted. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Tuesday, 11 November 2014 10:11:49 UTC