- From: Chris Palmer <palmer@google.com>
- Date: Mon, 25 Aug 2014 11:27:07 -0700
- To: Mike West <mkwst@google.com>
- Cc: Boris Zbarsky <bzbarsky@mit.edu>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Ryan Sleevi <sleevi@google.com>, Anne van Kesteren <annevk@annevk.nl>
On Fri, Aug 22, 2014 at 11:50 AM, Mike West <mkwst@google.com> wrote: > Hrm. The two have similar properties, and should be treated similarly. More > to the point: I don't think there's any good justification for allowing > 'javascript:' resources access to the kinds of APIs that we're talking about > restricting. I wouldn't be sad if sandboxing them into unique origins > prevented them from accessing such APIs. I am inclined to agree.
Received on Monday, 25 August 2014 18:27:34 UTC