W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2013

Re: Fetching contexts

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 06 Jun 2013 12:35:22 -0400
Message-ID: <51B0BA4A.6080101@mit.edu>
To: public-webappsec@w3.org
On 6/6/13 10:11 AM, Anne van Kesteren wrote:
> Gordon put together a wiki page that lists the different fetching
> contexts with respect to sniffing. On my request he also added a
> column for CSP:
>
> http://wiki.whatwg.org/wiki/Contexts
>
> It's not entirely clear yet to me what the right layering is for
> Fetch/MIME sniffing/CSP. Thoughts appreciated.

We should probably add at least workers, XMLHttpRequest, SVG resource 
documents, document.load, XSLT.  Probably eventually the components 
import stuff.

Does EventSource do a fetch internally?

I'm not sure whether any UAs fetch DTDs in practice, but if so they 
should be added too.

<object> might need to be a separate context from "nested browsing" and 
"plugin", possibly.  It really depends on how the spec for it reads.

-Boris
Received on Thursday, 6 June 2013 16:35:54 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC