- From: Shane Wiley <wileys@yahoo-inc.com>
- Date: Mon, 5 Nov 2012 09:00:29 -0800
- To: "Mike O'Neill" <michael.oneill@baycloud.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Received on Monday, 5 November 2012 17:01:14 UTC
Mike, We've vetted this approach with the Working Group in DC and still feel it's the appropriate path. The goal is to build a standard for good actors, not hijack the focus for bad actors that would not implement DNT in the first place (or develop a "silent exception" process due to its audit trail). - Shane From: Mike O'Neill [mailto:michael.oneill@baycloud.com] Sent: Monday, November 05, 2012 9:55 AM To: public-tracking@w3.org Subject: Re: ACTION-314: Draft non-normative examples of how a multi-domain site technically can ask for exceptions Shane, I don't think that will work, because the document origin of the iframes will be different to the top level document origin of the page. i.e. if an iframe embedded in site xyz.com has src=companyxyz.com/resource then JS in the resource (executed in a third-party context) will not be able to set an exception for xyz.com. This is as it should be because otherwise it would be too easy for third-party script to silently create exceptions without the user being aware Script in the window (with doc origin ) companyxyz.com could set up a target exception for xyz.com and vice versa though. Mike
Received on Monday, 5 November 2012 17:01:14 UTC