- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 10 Oct 2014 09:03:22 +0200
- To: "David (Standards) Singer" <singer@apple.com>
- Cc: Sid Stamm <sstamm@mozilla.com>, Tracking Protection Working Group <public-tracking@w3.org>
On Thu, Oct 9, 2014 at 7:25 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > Unless you enumerate the hosts somehow, but that still does not allow > you to get around a publicsuffix.org dependency... I'm surprised we > even want such an API. Note that the asynchronous comment still stands. Copying the cookie model seems badly broken, but making a new permission API synchronous is even worse. And did security UX sign off on having explanationString and siteName fields? Typically we do not allow sites to insert text into permission UI as we cannot trust the sites to try to spoof the user. -- https://annevankesteren.nl/
Received on Friday, 10 October 2014 07:03:50 UTC