- From: Dan Veditz <dveditz@mozilla.com>
- Date: Sat, 03 Nov 2012 01:22:23 +0100
- To: Adam Barth <w3c@adambarth.com>
- CC: Ian Melven <imelven@mozilla.com>, Web Application Security Working Group <public-webappsec@w3.org>
On 11/2/12 9:22 PM, Adam Barth wrote: > I'm not sure how useful this directive is now that many user agents > are blocking mixed scripting by default. That raises a fairly good point: if multiple user agents are already doing (part of) this we should probably specify this behavior somewhere or at least argue about it. I believe no-mixed-content was intended to also block mixed-display content (images and such) that user-agents currently don't block. I believe the motivation is to give top-level documents some ability to prevent 3rd party included content (for example, framed ads) from triggering negative UX or warnings in browsers. -Dan Veditz
Received on Saturday, 3 November 2012 00:22:50 UTC