
Re: Removal of the note about extensions

From: Mitar <mmitar@gmail.com>
Date: Sat, 1 Mar 2014 15:56:44 -0800
Message-ID: <CAKLmikOB-cQUYrAUd1DR4ZmRWBuzopsO9UewwefBHstc6nQTCQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Mike Pomax Kamermans <pomax@nihongoresources.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

Hi!

I love it. I would of course prefer SHOULD instead of MAY there, something like:

"Note that user agents SHOULD allow users to modify or bypass policy
enforcement through user preferences, bookmarklets, third-party
additions to the user agent, and other such mechanisms."

But I do agree that it is much better now than not having anything
to this effect in the standard.

And I also agree that it would read strangely with SHOULD, in a way that
the standard would require UAs to implement such features. And I
completely agree that this should not be implied. Is it possible to
have something like

If UAs provide user preferences, bookmarklets, third-party additions
to the user agent, and other such mechanisms, they should allow users
to modify or bypass policy enforcement through them.


Mitar

On Thu, Feb 27, 2014 at 5:13 AM, Mike West <mkwst@google.com> wrote:
> On Wed, Feb 26, 2014 at 8:31 PM, Mike "Pomax" Kamermans
> <pomax@nihongoresources.com> wrote:
>>
>> On 2/25/2014 2:39 AM, Mike West wrote:
>>>
>>> Though I'd claim that "encourage" actually is more reflective of the WG's
>>> consensus, I'm mostly fine with Mike's phrasing as a compromise (with some
>>> slight tweaking: I'd replace "CSP enforcement" with "the enforcement of a
>>> protected resource's Content Security Policy").
>>
>>
>> Cool. I'd strongly prefer "encourage", too, but I'd even more prefer a
>> non-absent text =)
>
>
> I've added a slightly tweaked version of this as
> https://github.com/w3c/webappsec/commit/73963d509b20513a6f42b1e0839715aca8b578b0.
> Feedback is welcome.
>
>>
>> Not being familiar with the actual code-contribution process, who would be
>> filing this as a PR?
>
>
> If you (or anyone else!) wants to directly suggest changes to the spec, then
> forking https://github.com/w3c/webappsec and submitting a pull request is
> certainly acceptable.
>
> Thanks!
>
> -mike
>
> --
> Mike West <mkwst@google.com>
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Registration court and number: Hamburg, HRB 86891
> Registered office of the company: Hamburg
> Managing directors: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>



-- 
http://mitar.tnode.com/
https://twitter.com/mitar_m
Received on Saturday, 1 March 2014 23:57:12 UTC
