The details behind Transport/Isolation/Injection as they seem a rather core part of the proposal. And reading it again I also realize it does not help with `window.frames` and "cross-origin" history manipulation, which is fine, but adds some confusion as they are part of the threat model. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/471#issuecomment-582461687
Received on Wednesday, 5 February 2020 15:27:14 UTC