W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] feedback

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 23 Oct 2014 09:49:40 +0200
Message-ID: <CADnb78i=0TM37n3-EYim0+P=4WvJbxwLx95uj+qgz5Oz3ESyjw@mail.gmail.com>
To: Mike West <mkwst@google.com>, Jungkee Song <jungkees@gmail.com>, Ian Hickson <ian@hixie.ch>
Cc: Mark Nottingham <mnot@mnot.net>, Ryan Sleevi <sleevi@google.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 23, 2014 at 9:30 AM, Mike West <mkwst@google.com> wrote:
> I thought all settings objects have a "responsible browsing context"?
> http://www.w3.org/html/wg/drafts/html/CR/webappapis.html#responsible-browsing-context
> Did I misinterpret?

It seems so far they do. But I don't realistically see how a service
worker could have one, given that it can run in the background.


> If so, what ought I use?

I think Ian could make the environment settings object more useful by
putting more state directly on it, such as origin and a URL. That way
specifications that need to deal with all environments can do so more
easily.

I also think that Ian should probably set the TLS state for Window
objects and workers. Setting those kind of things at creation-time
makes much more sense. And perhaps he can store them on the
environment settings object so they can be conveniently accessed by
Mixed Content.


-- 
https://annevankesteren.nl/
Received on Thursday, 23 October 2014 07:50:08 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC