W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] 5.1 Does settings object restrict mixed content?

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 30 Oct 2014 16:23:39 +0000 (UTC)
To: Anne van Kesteren <annevk@annevk.nl>
cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <alpine.DEB.2.00.1410301622291.14596@ps20323.dreamhostps.com>
On Thu, 30 Oct 2014, Anne van Kesteren wrote:
>
> http://w3c.github.io/webappsec/specs/mixedcontent/#categorize-settings-object
> 
> 1) Should this not also consider the state "deprecated authentication"?
> 
> 2) A browsing context has a set of documents associated with it. So e.g. 
> if /a has an <iframe> with /embed and then the user navigates from /a to 
> /b while something in /embed requires a restrict mixed content check, we 
> might end up with a problem. Not sure how to solve this. Ian?

Why would this be a problem? If you navigate the top-level browsing 
context the embedded stuff becomes irrelevant, no?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 30 October 2014 16:24:02 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC