Re: [MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.)

From: Chris Palmer <palmer@google.com>
Date: Fri, 13 Jun 2014 09:10:35 -0700
Message-ID: <CAOuvq23UFiZJ2QeXZMHRirCGBiVzUQxPt-nNVXj1Yq+JmXsbsw@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Tanvi Vyas <tanvi@mozilla.com>, Brad Hill <bhill@paypal.com>, Dan Veditz <dveditz@mozilla.com>, Anne van Kesteren <annevk@annevk.nl>

On Thu, Jun 12, 2014 at 5:29 PM, Brian Smith <brian@briansmith.org> wrote:

> You and I already seem to agree that BEACON and <a ping> should be blocked
> and I haven't heard anybody suggest otherwise, so let's remove them from the
> list. Now, I would guess that there is not much existing <track> or
> <picture>/<srcset> content either, so I think we could probably block those
> now without any significant compatibility impact. And, I wouldn't be
> surprised if we were to find that there is very little <audio> mixed content
> either. So, why not just start blocking all of those right away too?

I would like that.

> Then, potentially the only things that wouldn't be blocked by default would
> be <img> and <video>. If that were to become the case soon, and we also
> agree we're going to block all new kinds of mixed content by default, then
> the old active vs. passive distinction would be more confusing than helpful,
> since it would have basically no relation to how we ultimately decide why
> mixed content <img> and <video> are not blocked but other kinds of mixed
> content (even things that have the same security considerations like
> <picture>) are blocked.

I think active vs. passive is still meaningful, and although somewhat
confusing, the "legacy vs. new" distinction would/should/could go a
long way toward explaining the discrepancy.

(He said, as a "relentlessly optimistic" USA-ian)

Received on Friday, 13 June 2014 16:11:02 UTC
