- From: <bugzilla@jessica.w3.org>
- Date: Tue, 11 Nov 2014 10:19:14 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27271 --- Comment #10 from Mike West <mkwst@google.com> --- (In reply to Henri Sivonen from comment #9) > Hmm. Actually, my comment 7 might have been wrong regarding whether the > algorithm is trying to do what I want. It loops up the browsing context > chain only for srcdoc. I meant to loop up the chain for all docs and fail if > anything in the chain is untrusted. Best to file a new bug for that. I think I agree that that's what we should put in the spec, but it doesn't match Chrome's current behavior. I believe that's probably a reason to change Chrome, but we'll have to think about the impact (e.g. Netflix would break today). -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Tuesday, 11 November 2014 10:19:15 UTC