W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: CfC: Mixed Content to Last Call?

From: Mike West <mkwst@google.com>
Date: Thu, 30 Oct 2014 12:47:14 +0100
Message-ID: <CAKXHy=dFTx_oq_J4UiP5Fj_qv4YY2z9o4CGsOtLG_y9kOYbFvA@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>, Chris Palmer <palmer@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Mark Nottingham <mnot@mnot.net>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
On Thu, Oct 30, 2014 at 9:35 AM, Mike West <mkwst@google.com> wrote:
> All these terms get irky when you apply them to resources created from
>> blob or data URLs.
> +Chris Palmer, who loves nothing more than naming things.

How about this: let's avoid the problem entirely by just answering the
question "Can I use powerful features in this context?":

>> > I don't believe there are any substantive controversies remaining, but
>> if
>> > I've missed anything, this CfC is a nice forcing function to get it out
>> into
>> > the open. :)
>> I think it is still problematic that it tries to make claims based on
>> origins. I thought the idea was to do away with that and instead base
>> those checks on objects that can actually assertions about involvement
>> of TLS or localhost, namely responses and environment settings
>> objects.
> Hrm. Yeah, I did want to do something with that. I'll poke at it today.

Rewrote the section, as above. Take a look!


Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Thursday, 30 October 2014 11:48:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:42 UTC