- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 10 Nov 2014 10:11:01 +0100
- To: Brad Hill <hillbrad@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

On Mon, Nov 10, 2014 at 1:07 AM, Brad Hill <hillbrad@gmail.com> wrote:
> Based on our survey results and discussion at TPAC, there is strong
> consensus NOT chartering work on enforcing secure only child browsing
> contexts at any level of nesting.
>
> The consensus was that this could be handled reasonably with existing
> mechanisms, such as only framing content from origins that themselves
> express an HSTS policy.

How exactly is that enforcement? The user can easily navigate away, no?

--
https://annevankesteren.nl/

Received on Monday, 10 November 2014 09:11:27 UTC