W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: [webappsec] Rechartering: force secure-only child browsing contexts

From: Brian Smith <brian@briansmith.org>
Date: Thu, 13 Nov 2014 19:11:06 -0800
Message-ID: <CAFewVt6GGoXZe7Wd0R8QRrX_1f_FSwnjQq4STwDtaSx_ahqPFA@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Ryan Sleevi <sleevi@google.com>, Brad Hill <hillbrad@fb.com>, Anne van Kesteren <annevk@annevk.nl>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Mike West <mkwst@google.com> wrote:
> I think this is a pretty reasonable concept to add to MIX.
>
> It's not clear to me whether it should be the default behavior, or whether
> it should be opted-into (similar to `sandbox`).

Obviously, if it cannot be done by default, then it could be added as
a sandbox directive. But, if we can avoid adding any new mechanism,
then that is greatly preferable, for simplicity's sake.

Cheers,
Brian
Received on Friday, 14 November 2014 03:11:33 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC