W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] 5.1 Does settings object restrict mixed content?

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 30 Oct 2014 16:40:23 +0000 (UTC)
To: Anne van Kesteren <annevk@annevk.nl>
cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <alpine.DEB.2.00.1410301639520.14596@ps20323.dreamhostps.com>
On Thu, 30 Oct 2014, Anne van Kesteren wrote:
> On Thu, Oct 30, 2014 at 5:23 PM, Ian Hickson <ian@hixie.ch> wrote:
> > Why would this be a problem? If you navigate the top-level browsing
> > context the embedded stuff becomes irrelevant, no?
> 
> 1) The document can still be alive in terms of history, no?

Sure, but why is /b relevant to /a in this example? They're unrelated, no?


> 2) If it invoked sendBeacon() or <a ping> triggered at that point, such 
> a mixed content check still seems relevant.

Not sure I understand. Maybe I got confused about your example.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 30 October 2014 16:40:48 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC