Re: CSP formal objection.

Thank you, everyone, for working together to a mutually agreeable conclusion.

On Jan 29, 2014, at 8:48 AM, "Glenn Adams" <glenn@skynav.com<mailto:glenn@skynav.com>> wrote:

Yes, that addresses our concern at first order. I will close the bug.

Thanks, Glenn


On Wed, Jan 29, 2014 at 9:15 AM, Mike West <mkwst@chromium.org<mailto:mkwst@chromium.org>> wrote:
I've landed https://github.com/w3c/webappsec/commit/cbfaa8edfadebf21a9c7428242c12e45934d8c55 into the working draft. I believe that addresses the objection. Glenn, do you agree?

-mike

-Mike


On Tue, Jan 28, 2014 at 3:19 PM, Brian Smith <brian@briansmith.org<mailto:brian@briansmith.org>> wrote:
On Tue, Jan 28, 2014 at 12:57 PM, Anne van Kesteren <annevk@annevk.nl<mailto:annevk@annevk.nl>> wrote:
>> On Mon, Jan 27, 2014 at 10:19 AM, Glenn Adams <glenn@skynav.com<mailto:glenn@skynav.com>> wrote:
>>> Option #1
>>>
>>> Our preference would be to simply remove the following text from 3.2.3:
>>>
>>> "Enforcing a policy should not interfere with the operation of
>>> user-supplied scripts such as third-party user-agent add-ons and JavaScript
>>> bookmarklets."
>
> This makes the most sense to me. Web standards have no business
> talking about UI-level features.

I also agree. The intent is to protect addon developers and addon
users from having websites disabling their addon functionality. But,
even within Mozilla there isn't complete agreement on how to interpret
that text, and I doubt that there's going to be broad agreement across
implementations.

Cheers,
Brian
--
Mozilla Networking/Crypto/Security (Necko/NSS/PSM)

Received on Wednesday, 29 January 2014 19:05:11 UTC