W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2014

Re: Removal of the note about extensions

From: Mitar <mmitar@gmail.com>
Date: Mon, 24 Feb 2014 22:44:42 -0800
Message-ID: <CAKLmikO22awPCigAnvZhqXZPGckFi6wcF=CQX73ZvtwVuPtrPQ@mail.gmail.com>
To: Mike Pomax Kamermans <pomax@nihongoresources.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi!

On Mon, Feb 24, 2014 at 9:02 AM, Mike "Pomax" Kamermans
<pomax@nihongoresources.com> wrote:
> It would be even nicer if it could be made solution-agnostic, simply stating
> that UA are encouraged to allow users to override CSP either through
> UA-preferences or through third-party added functionality. If we come up
> with a third thing to supplement addons and bookmarklets, the suggested
> clause will run into an enumeration problem (it's hard to future-proof
> explicit lists).

I would really love to see bookmarklets explicitly mentioned.
Otherwise people made arguments that bookmarklets are not add-on or
extensions. For example, see this comment:

https://bugzilla.mozilla.org/show_bug.cgi?id=866522#c15

Simon is arguing that bookmarklets should not be allowed to inject
additional scripts into the page becase they are not extensions.


Mitar

-- 
http://mitar.tnode.com/
https://twitter.com/mitar_m
Received on Tuesday, 25 February 2014 06:45:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC