Re: [webappsec] Rechartering: force secure-only child browsing contexts from Brian Smith on 2014-11-14 (public-webappsec@w3.org from November 2014)

From: Brian Smith <brian@briansmith.org>
Date: Thu, 13 Nov 2014 19:11:06 -0800
To: Mike West <mkwst@google.com>
Cc: Ryan Sleevi <sleevi@google.com>, Brad Hill <hillbrad@fb.com>, Anne van Kesteren <annevk@annevk.nl>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAFewVt6GGoXZe7Wd0R8QRrX_1f_FSwnjQq4STwDtaSx_ahqPFA@mail.gmail.com>

Mike West <mkwst@google.com> wrote:
> I think this is a pretty reasonable concept to add to MIX.
>
> It's not clear to me whether it should be the default behavior, or whether
> it should be opted-into (similar to `sandbox`).

Obviously, if it cannot be done by default, then it could be added as
a sandbox directive. But, if we can avoid adding any new mechanism,
then that is greatly preferable, for simplicity's sake.

Cheers,
Brian

Received on Friday, 14 November 2014 03:11:33 UTC