W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] feedback

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 23 Oct 2014 09:49:40 +0200
Message-ID: <CADnb78i=0TM37n3-EYim0+P=4WvJbxwLx95uj+qgz5Oz3ESyjw@mail.gmail.com>
To: Mike West <mkwst@google.com>, Jungkee Song <jungkees@gmail.com>, Ian Hickson <ian@hixie.ch>
Cc: Mark Nottingham <mnot@mnot.net>, Ryan Sleevi <sleevi@google.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 23, 2014 at 9:30 AM, Mike West <mkwst@google.com> wrote:
> I thought all settings objects have a "responsible browsing context"?
> http://www.w3.org/html/wg/drafts/html/CR/webappapis.html#responsible-browsing-context
> Did I misinterpret?

It seems so far they do. But I don't realistically see how a service
worker could have one, given that it can run in the background.

> If so, what ought I use?

I think Ian could make the environment settings object more useful by
putting more state directly on it, such as origin and a URL. That way
specifications that need to deal with all environments can do so more

I also think that Ian should probably set the TLS state for Window
objects and workers. Setting those kind of things at creation-time
makes much more sense. And perhaps he can store them on the
environment settings object so they can be conveniently accessed by
Mixed Content.

Received on Thursday, 23 October 2014 07:50:08 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:41 UTC