W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2014

Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features

From: Peter Kasting <pkasting@google.com>
Date: Fri, 27 Jun 2014 17:02:56 -0700
Message-ID: <CAAHOzFDT85H0HKzCWr0VXUr600uRJSBbJhaNjWdYrH_e0TTVBQ@mail.gmail.com>
To: Chris Palmer <palmer@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, blink-dev <blink-dev@chromium.org>, security-dev <security-dev@chromium.org>, dev-security@lists.mozilla.org
On Fri, Jun 27, 2014 at 3:55 PM, 'Chris Palmer' via blink-dev <
blink-dev@chromium.org> wrote:

> "Particularly powerful" would mean ... generally any feature that
> we would provide a user-settable permission or privilege to.


I don't really understand this last clause.  Users of browsers can set many
permissions, e.g. in Chrome the user can grant or deny sites the ability to
use plugins, open popup windows, run Javascript, etc. I doubt you intended
to suggest that a new feature with a similar scope to those should be
restricted.

PK
Received on Saturday, 28 June 2014 00:03:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC