Re: [blink-dev] Proposal: Prefer secure origins for powerful new web platform features from Peter Kasting on 2014-06-28 (public-webappsec@w3.org from June 2014)

From: Peter Kasting <pkasting@google.com>
Date: Fri, 27 Jun 2014 17:02:56 -0700
To: Chris Palmer <palmer@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, blink-dev <blink-dev@chromium.org>, security-dev <security-dev@chromium.org>, dev-security@lists.mozilla.org
Message-ID: <CAAHOzFDT85H0HKzCWr0VXUr600uRJSBbJhaNjWdYrH_e0TTVBQ@mail.gmail.com>

On Fri, Jun 27, 2014 at 3:55 PM, 'Chris Palmer' via blink-dev <
blink-dev@chromium.org> wrote:

> "Particularly powerful" would mean ... generally any feature that
> we would provide a user-settable permission or privilege to.

I don't really understand this last clause.  Users of browsers can set many
permissions, e.g. in Chrome the user can grant or deny sites the ability to
use plugins, open popup windows, run Javascript, etc. I doubt you intended
to suggest that a new feature with a similar scope to those should be
restricted.

PK

Received on Saturday, 28 June 2014 00:03:23 UTC