- From: Maciej Stachowiak <notifications@github.com>
- Date: Fri, 20 Sep 2019 18:43:18 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Saturday, 21 September 2019 01:43:41 UTC
> In general, one challenge with mitigations here is that they would be straightforward to overcome for sufficiently motivated parties - at the expense of eliminating very legitimate use cases. @dominickng I am very much aware that parts of the URL other than query can be used to smuggle a tracking ID. Note that the two motivations I mentioned (remove start_url entirely, coalesced loads w/ caching proxy or bucketing or the like) do not leave the path attack open, and one doesn’t even block any use cases. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/399#issuecomment-533757563
Received on Saturday, 21 September 2019 01:43:41 UTC