
Re: Serialized suborigins

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Mon, 16 Sep 2013 01:39:02 +0100
Message-ID: <CAPfop_1XsxPW=sb8go4ZBVunSMedQ1BAfobOThmtWmXas4grXA@mail.gmail.com>
To: Michal Zalewski <lcamtuf@coredump.cx>
Cc: Brad Hill <hillbrad@gmail.com>, Joel Weinberger <jww@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>

> Honestly, I'm a bit struggling to understand what's the key benefit of
> doing suborigin://hashed-concat versus suborigin://non-hashed-concat -
> in that both of these representations will not be literal string

+1. I think hashing unnecessarily complicates the spec, the
application code, and (UA) implementations. I also think it will have
a massive (negative) impact on debuggability and developer usability
of sub-origins. There is value to the ease and simplicity of a simple

Received on Monday, 16 September 2013 00:39:48 UTC
