W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

[MIX] 5.1 Does settings object restrict mixed content?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 30 Oct 2014 15:03:03 +0100
Message-ID: <CADnb78g6Zrr9RRdvdQDkg1=QWpjvYakurpcOeaEdp=6NSJKu9w@mail.gmail.com>
To: WebAppSec WG <public-webappsec@w3.org>
Cc: Ian Hickson <ian@hixie.ch>
http://w3c.github.io/webappsec/specs/mixedcontent/#categorize-settings-object

1) Should this not also consider the state "deprecated authentication"?

2) A browsing context has a set of documents associated with it. So
e.g. if /a has an <iframe> with /embed and then the user navigates
from /a to /b while something in /embed requires a restrict mixed
content check, we might end up with a problem. Not sure how to solve
this. Ian?


-- 
https://annevankesteren.nl/
Received on Thursday, 30 October 2014 14:03:30 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC