W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2014

Re: CSP Spec question

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 28 May 2014 13:08:14 +0200
Message-ID: <CADnb78ijD3hJxK_Dd9+xQMRkRW2nsVv5-6aTQTjG6KPgi_PVLQ@mail.gmail.com>
To: Mike West <mike@mikewest.org>
Cc: WebAppSec WG <public-webappsec@w3.org>, Adam Gray <adam@trackif.com>
On Wed, May 28, 2014 at 12:49 PM, Mike West <mike@mikewest.org> wrote:
> On May 28, 2014 10:42 AM, "Anne van Kesteren" <annevk@annevk.nl> wrote:
>> Those are out of scope of standards as they pertain to browser UX and
>> not platform-exposed functionality.
> Depends on the question. Plugins are certainly part of the platform,

I'm not sure I agree with that. If that were true, Chrome would not be
trying to move away from NPAPI, Safari would support Flash and other
plugins on iOS, etc. We certainly have defined some things around
plugins, but they are mostly a black box still and everyone hopes to
move away from them just like Apple did.

> and, as
> you've noticed in previous threads Anne, there's intense disagreement as to
> standards' role in recommending browser behavior regarding the interaction
> of extensions and the platform.

There may be disagreement, but that's the role standards have taken to
date. We don't run conformance test suites of standards on browsers
plus their myriad of extensions. Or on custom builds of browsers some
set of users decided to start using (same as extensions). None of that
seems tenable either, so I'm not sure why there would be disagreement.

Received on Wednesday, 28 May 2014 11:08:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC