- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 30 Oct 2014 16:40:23 +0000 (UTC)
- To: Anne van Kesteren <annevk@annevk.nl>
- cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, 30 Oct 2014, Anne van Kesteren wrote: > On Thu, Oct 30, 2014 at 5:23 PM, Ian Hickson <ian@hixie.ch> wrote: > > Why would this be a problem? If you navigate the top-level browsing > > context the embedded stuff becomes irrelevant, no? > > 1) The document can still be alive in terms of history, no? Sure, but why is /b relevant to /a in this example? They're unrelated, no? > 2) If it invoked sendBeacon() or <a ping> triggered at that point, such > a mixed content check still seems relevant. Not sure I understand. Maybe I got confused about your example. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 30 October 2014 16:40:48 UTC