Re: Defining secure-enough origins.

On Fri, Aug 22, 2014 at 11:50 AM, Mike West <> wrote:

> Hrm. The two have similar properties, and should be treated similarly. More
> to the point: I don't think there's any good justification for allowing
> 'javascript:' resources access to the kinds of APIs that we're talking about
> restricting. I wouldn't be sad if sandboxing them into unique origins
> prevented them from accessing such APIs.

I am inclined to agree.

Received on Monday, 25 August 2014 18:27:34 UTC