W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2014

Re: Removal of the note about extensions

From: Mike \ <pomax@nihongoresources.com>
Date: Mon, 24 Feb 2014 09:23:48 -0800
Message-ID: <530B8024.7010502@nihongoresources.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 2/24/2014 5:31 AM, Mike West wrote:
> With this in mind, I'm inclined to add a non-normative note to the 
> spec along the lines of "Note that user agents are encouraged to allow 
> third-party add-ons and JavaScript bookmarklets to bypass policy 
> enforcement, either implicitly or based on the user's preference."

It might be worth changing it slightly to be solution-agnostic, so 
there's no problem when we invent a third/fourth/etc technology that 
adds functionality to a browser in addition to bookmarklets and addons, 
but I'd be quite happy to just see this phrase back in the spec =)

If we had to rephrase, I'd suggest something like "User agents are 
encouraged to allow users to modify or bypass CSP enforcement, through 
user preferences and/or third-party additions to the user-agent" so that 
we're not tied to specifically bookmarklets and extensions.

- Mike "Pomax" Kamermans
Received on Monday, 24 February 2014 22:51:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC