- From: Brian Smith <brian@briansmith.org>
- Date: Mon, 15 Dec 2014 22:07:07 -0800
- To: Mike West <mkwst@google.com>
- Cc: Michael Cooper <cooper@w3.org>, David Walp <David.Walp@microsoft.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Dec 15, 2014 at 7:18 AM, Mike West <mkwst@google.com> wrote: > I took a pass at a strawman in > https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode. > > WDYT? Like I said in the earlier thread, I think there is a good chance we can just make the strict mode the default and only behavior. We should try to do that first, before we make CSP or the DOM more complicated. I understand there is a general compatibility concern about maybe potentially breaking too many websites, but I doubt it will be too bad. If there are particular cases you know about and are concerned about, that make you feel it is unrealistic to make this the default behavior, it would be great to have them noted. Cheers, Brian
Received on Tuesday, 16 December 2014 06:07:34 UTC