W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2014

Re: Removal of the note about extensions

From: Glenn Adams <glenn@skynav.com>
Date: Mon, 24 Feb 2014 16:05:54 -0700
Message-ID: <CACQ=j+eaqaazdtwvvynrP57CSgN0orei7v0N7YyXGrW8xBkVgg@mail.gmail.com>
To: Mike Pomax Kamermans <pomax@nihongoresources.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Feb 24, 2014 at 10:23 AM, Mike "Pomax" Kamermans <
pomax@nihongoresources.com> wrote:

> On 2/24/2014 5:31 AM, Mike West wrote:
>
>> With this in mind, I'm inclined to add a non-normative note to the spec
>> along the lines of "Note that user agents are encouraged to allow
>> third-party add-ons and JavaScript bookmarklets to bypass policy
>> enforcement, either implicitly or based on the user's preference."
>>
>
> It might be worth changing it slightly to be solution-agnostic, so there's
> no problem when we invent a third/fourth/etc technology that adds
> functionality to a browser in addition to bookmarklets and addons, but I'd
> be quite happy to just see this phrase back in the spec =)
>
> If we had to rephrase, I'd suggest something like "User agents are
> encouraged to allow users to modify or bypass CSP enforcement, through user
> preferences and/or third-party additions to the user-agent" so that we're
> not tied to specifically bookmarklets and extensions.


I could accept this if "encouraged" were changed to "permitted".


>
>
> - Mike "Pomax" Kamermans
>
>
>
Received on Monday, 24 February 2014 23:06:42 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC