Re: [W3C TCP and UDP Socket API]: Status and home for this specification

On 4/1/15 12:50 PM, Domenic Denicola wrote:
> Do you think it's acceptable for browser to experiment with e.g. auto-granting permission if the requested remoteAddress is equal to the IP address of the origin executing the API?

This particular example sets of alarm bells for me because of virtual 
hosting.  As in, this seems like precisely the sort of thing that one 
browser might experiment with, another consider an XSS security bug, and 
then we have content that depends on a particular browser, no?

-Boris

Received on Wednesday, 1 April 2015 16:56:11 UTC