Re: "Mixed Content" draft up for review.

On Mon, Jun 2, 2014 at 3:30 PM, Mike West <> wrote:
> On Mon, Jun 2, 2014 at 2:55 PM, Anne van Kesteren <> wrote:
>> True, and the same goes for only checking top. However, the current
>> algorithm does not do that. It returns as soon it verifies the current
>> document.
> I think we need both. Consider -> -> data: ->
> Before loading c, we check the parent, which is a secure context because of
> If we only checked, we'd allow to load. I don't think we
> want that.

step 1 says if the environment is TLS-protected, you return true. And
you are not checking the parent in step 2 (which would not be reached
if the current environment was secure), you check the top.


Received on Tuesday, 3 June 2014 06:17:45 UTC