- From: Jim Manico <jim.manico@owasp.org>
- Date: Mon, 10 Nov 2014 17:10:53 +0800
- To: Daniel Veditz <dveditz@mozilla.com>, Brian Smith <brian@briansmith.org>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Yup, this covers exactly what I had in mind. I do indeed hope you include it in future versions of that standard. Thank you Daniel, Jim On 11/10/14 2:17 PM, Daniel Veditz wrote: > On 11/9/2014 4:40 PM, Jim Manico wrote: >> This is a bit tangential, but for future versions of the standard, I'd >> love to be able to limit where simple links are allowed to go. For >> example, perhaps I want to limit a site from only being allow to link to >> my domain or subdomain. I'm just thinking, what else can we limit in the >> browser to lower the attack surface? > We are considering adding controls inspired by David Ross's "Entry Point > Regulation" idea. Is that along the lines of what you were thinking? > http://randomdross.blogspot.com/2014/08/entry-point-regulation-for-web-apps.html > > -Dan Veditz
Received on Monday, 10 November 2014 09:11:29 UTC