- From: Dan Veditz <dveditz@mozilla.com>
- Date: Fri, 26 Oct 2012 16:19:54 -0700
- To: John J Barton <johnjbarton@johnjbarton.com>
- CC: Adam Barth <w3c@adambarth.com>, Eduardo' Vela <evn@google.com>, public-webappsec@w3.org
On 10/26/12 4:12 PM, John J Barton wrote: > On Fri, Oct 26, 2012 at 3:53 PM, Dan Veditz <dveditz@mozilla.com> wrote: >> privacy principal that user-agent supplied policies do not report violations >> to the originating server or page content. > > Similarly, extension supplied policies should not report. Otherwise > web pages can probe the users installed extensions. I was going for brevity with user-AGENT supplied policies, agnostic to whether the UA got the policy directly from the user or (more likely) from an extension installed by the user. Sorry if it was unclear.
Received on Friday, 26 October 2012 23:20:24 UTC