- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Mon, 2 Apr 2012 17:17:45 -0700
- To: public-webappsec@w3.org
On Fri, Mar 30, 2012 at 9:02 AM, Daniel Veditz <dveditz@mozilla.com> wrote: > On 3/27/12 3:06 PM, Adam Barth wrote: >> Let's number the use cases for easy reference (from Brad's message): >> >> 1) Support static documents loaded by file: , data: or other non-HTTP methods > > Not a common case. A more compelling "web" use-case is for > situations where authors are given space for content but no control > over the headers served (example: blog hosting services, the old > Geocities). At Mozilla we were sad to give this case up when we > decided policy-uri was safer than a <meta> tag. To me, applications such as browser extensions (e.g., NoScript and AdBlock) also count as `web' applications. This falls in the "documents loaded by non-HTTP methods." Given the massive popularity of these extensions, I would say it is a significant use case (certainly not the most common case, but definitely warranting a say) thanks dev
Received on Tuesday, 3 April 2012 00:18:35 UTC